EP2400491A1 - Dispositif de traitement d'informations, procédé de traitement d'informations et programme - Google Patents

Dispositif de traitement d'informations, procédé de traitement d'informations et programme Download PDF

Info

Publication number
EP2400491A1
EP2400491A1 EP11166932A EP11166932A EP2400491A1 EP 2400491 A1 EP2400491 A1 EP 2400491A1 EP 11166932 A EP11166932 A EP 11166932A EP 11166932 A EP11166932 A EP 11166932A EP 2400491 A1 EP2400491 A1 EP 2400491A1
Authority
EP
European Patent Office
Prior art keywords
content
server
data
recorded
revocation list
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
EP11166932A
Other languages
German (de)
English (en)
Other versions
EP2400491B1 (fr
Inventor
Hiroshi Kuno
Kenjiro Ueda
Takamichi Hayashi
Munetake Ebihara
Koji Yoshimura
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sony Corp
Original Assignee
Sony Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sony Corp filed Critical Sony Corp
Publication of EP2400491A1 publication Critical patent/EP2400491A1/fr
Application granted granted Critical
Publication of EP2400491B1 publication Critical patent/EP2400491B1/fr
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1458Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution
    • H04L2209/603Digital right managament [DRM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Definitions

  • the present disclosure relates to an information processing device, an information processing method, and a program. Particularly, the present disclosure relates to an information processing device, an information processing method, and a program for executing control on the process of writing or reading data to/from a specific protected area in which access restriction is set.
  • AACS Advanced Access Content System
  • TM Blu-ray Disc
  • TM Blu-ray Disc
  • the AACS standard specifies an algorithm or the like in which encrypted content is recorded, for example, on the Blu-ray Disc (TM), and which makes it possible to restrict users capable of acquiring an encryption key for the encrypted content only to legitimate users.
  • the present AACS specification has a specification for a use control system of content recorded on discs such as a Blu-ray Disc (TM) but does not have sufficient specification for content recorded on flash memories such as, for example, a memory card.
  • flash memories such as, for example, a memory card.
  • copyright protection of content recorded on such a memory card is not sufficient. Therefore, there is a demand for establishing a use control system for controlling the use of content using media such as a memory card.
  • the AACS standard specifies the following specifications as a use control system for content recorded on discs such as a Blu-ray Disc (TM).
  • TM Blu-ray Disc
  • the AACS specification specifies the use control of such content.
  • the AACS standard specifies Managed Copy (MC) in which when content is copied between a medium in accordance with the specification (a), the copying is permitted only when copy permission information is acquired from a management server.
  • MC Managed Copy
  • the AACS standard specifies various download types as the process of downloading content from a server in accordance with the specification (b).
  • download types include EST (Electric Sell Through) which uses user devices such as a PC and MoD (Manufacturing on Demand) which uses shared terminals installed in a convenience store or the like. Even when recording and using content on a disc through these downloading processes, it is necessary to perform the processes in accordance with predetermined rules.
  • the AACS standard is intended to control the use of content recorded on discs such as a Blu-ray Disc (TM) but does not have a sufficient specification for controlling the use of content recorded on flash memory-type memory cards including USB memories and the like.
  • TM Blu-ray Disc
  • At least an example embodiment of the present disclosure is directed to an information processing device including: a memory having a protected area which is a data recording area in which access restriction is set; and a data processing unit that determines accessibility in response to a request for accessing the protected area from an access requesting device, wherein the data processing unit verifies a device certificate received from the access requesting device and determines accessibility to the protected area based on access control information recorded in the device certificate.
  • the data processing unit may verify the device certificate received from the access requesting device and determine accessibility to each segment area of the protected area based on the access control information for each of the segment areas of the protected area recorded in the device certificate.
  • the data processing unit may verify the device certificate received from the access requesting device and determines availability of a data writing process and a data reading process on each segment area of the protected area based on the access control information of the data writing process and the data reading process for each of the segment areas of the protected area recorded in the device certificate.
  • the data processing unit may verify the device certificate received from the access requesting device and determines accessibility to each segment area of the protected area based on type information of the access requesting device recorded in the device certificate.
  • the data processing unit may verify a signature set in the device certificate received from the access requesting device and determine accessibility to the protected area based on the access control information recorded in the device certificate only when the validity of the device certificate is confirmed through signature verification.
  • the data processing unit may record key information which is used for reproducing encrypted content in a segment area within the protected area, which is determined to be a data writable area based on the device certificate received from the access requesting device.
  • the data processing unit may record the key information which is used for reproducing encrypted content in a segment area within the protected area, which is determined to be the data writable area based on a server certificate received from a server that provides content management data.
  • the data processing unit may execute a process of reading the key information used for reproducing encrypted content from the segment area within the protected area, which is determined to be a data readable area based on a host certificate received from a host device that executes a content reproducing process and providing the read key information to the host device.
  • the protected area may be segmented into a plurality of segment areas, and the data processing unit may execute a recording process using different segment areas depending on the type of recording data.
  • the information processing device may be a flash memory-type memory card.
  • a data recording control system including: a server that provides key information which is used for reproducing encrypted content; and an information processing device that records data provided by the server, wherein the information processing device includes a memory having a protected area which is a data recording area in which access restriction is set, and a data processing unit that determines accessibility in response to a request for accessing the protected area from the server, wherein the data processing unit verifies a server certificate received from the server, selects a segment area in which the server is permitted to write data based on access control information recorded in the server certificate, and records the key information in the selected segment area.
  • Still another at least example embodiment of the present disclosure is directed to an information processing method for executing access control in an information processing device which includes a memory having a protected area which is a data recording area in which access restriction is set, the method including: permitting a data processing unit to determine accessibility in response to a request for accessing the protected area from an access requesting device, wherein the permitting involves verifying a device certificate received from the access requesting device and determining accessibility to the protected area based on access control information recorded in the device certificate.
  • Yet another at least example embodiment of the present disclosure is directed to a program for executing access control in an information processing device which includes a memory having a protected area which is a data recording area in which access restriction is set, the program including: permitting a data processing unit to determine accessibility in response to a request for accessing the protected area from an access requesting device, wherein the permitting involves verifying a device certificate received from the access requesting device and determining accessibility to the protected area based on access control information recorded in the device certificate.
  • the program according to the at least example embodiment of the present disclosure is a computer program which can be provided to an information processing device and a computer system capable of executing various program codes by a recording medium or a communication medium in a computer-readable manner.
  • processes corresponding to the program are carried out by the information processing device and the computer system.
  • a system referred to in this specification means a logical set of plural devices and is not limited to a configuration in which the devices are disposed in the same chassis.
  • the information processing device includes a memory having a protected area which is a data recording area in which access restriction is set; and a data processing unit that determines accessibility in response to a request for accessing the protected area from an access requesting device.
  • the data processing unit verifies a device certificate received from the access requesting device and determines accessibility to the protected area based on access control information recorded in the device certificate. For example, the availability of writing and reading of data to/from each of the segment areas of the protected area is determined based on the access control information for each segment area of the protected area. Through this process, the access of each device to each segment area is controlled.
  • FIGs. 1A to 1C (a) content providing source, (b) content recorder (host), and (c) content recording medium are shown from left to right.
  • the (c) content recording medium is a medium which users use to record content thereon and reproduce content therefrom.
  • a memory card 31 which is an information recording device such as, for example, a flash memory is shown as an example.
  • These contents are copyright management contents, for example, which are subject to use control.
  • the use thereof is permitted only under predetermined use conditions, and basically, an unregulated copying process, unlimited distribution of copied data, and the like are inhibited.
  • use control information (Usage Rule) corresponding to the content is also recorded.
  • use control information (Usage Rule) that specifies copy restriction information such as an allowable copy count is also recorded.
  • the (a) content providing source is the source that provides source of content such as music or movies in which use restriction is set.
  • a content server 11 and a content recording disc 12 such as a ROM disc on which content is already recorded are shown.
  • the content server 11 is a server that provides content such as music or movies.
  • the content recording disc 12 is a disc such as a ROM disc on which content such as music or movies is already recorded.
  • the Users can load the memory card 31 which is the (c) content recording medium into the (b) content recorder (host), connect to the content server 11 through the (b) content recorder (host) to receive (download) content, and record the content on the memory card 31.
  • the content server 11 performs processes in accordance with a predetermined sequence and provides use control information, tokens, and content management information such as key information (binding key) in addition to encrypted content. These processes and provided data will be described in detail later.
  • users can load the content recording disc 12 such as a ROM disc, on which content is already recorded, into the (b) content recorder (host) in which the memory card 31 which is the (c) content recording medium is loaded and copy the content recorded on the content recording disc 12 on the memory card 31.
  • the users also need to connect to the content server 11 and perform processes in accordance with a predetermined sequence.
  • the content server 11 provides the use control information and tokens corresponding to the copied content and content management information such as key information (binding key).
  • the (b) content recorder (host) loads the memory card 31 which is the (c) content recording medium therein and records content received (downloaded) through a network from the content server 11 which is the (a) content providing source or content read from the content recording disc 12 on the memory card 31.
  • Examples of the (b) content recorder (host) include a shared terminal 21 installed in a public space, such as, for example, a station or a convenience store, which can be used by a number of unspecified users, and a recording and reproducing device (Consumer Electronic (CE) device) 22 and a PC 23 which are user devices. These examples are devices capable of loading the memory card 31 which is the (c) content recording medium therein.
  • a shared terminal 21 installed in a public space, such as, for example, a station or a convenience store, which can be used by a number of unspecified users
  • CE Consumer Electronic
  • these (b) content recorders are capable of executing data transmitting and receiving processes through a network when they are configured to execute the process of downloading content from the content server 11.
  • the content recorders need to be devices capable of reproducing discs when they use the content recording disc 12.
  • users record content downloaded from the content server 11 which is the (a) content providing source shown or content which is recorded on the content recording disc 12 such as a ROM disc on the memory card 31 which is the (c) content recording medium through the (b) content recorder (host).
  • the content server 11 which is the (a) content providing source shown or content which is recorded on the content recording disc 12 such as a ROM disc on the memory card 31 which is the (c) content recording medium through the (b) content recorder (host).
  • the users load the memory card 31 having content recorded thereon, for example, into the recording and reproducing device (CE device) 22, the PC 23, or the like which is the (b) content recorder (host) described with reference to Fig. 1B and read and reproduce the content recorded on the memory card 31.
  • CE device recording and reproducing device
  • PC 23 PC 23, or the like which is the (b) content recorder (host) described with reference to Fig. 1B and read and reproduce the content recorded on the memory card 31.
  • these contents are recorded as encrypted contents, and a reproducing device such as the recording and reproducing device (CE device) 22 or the PC 23 reproduces the content after executing a decoding process in accordance with a predetermined sequence.
  • a reproducing device such as the recording and reproducing device (CE device) 22 or the PC 23 reproduces the content after executing a decoding process in accordance with a predetermined sequence.
  • a device that reproduces the content recorded on the memory card 31 is not limited to the (b) content recorder (host) described with reference to Fig. 1B but may be other reproducing devices (players).
  • the devices need to be capable of executing a process of decoding encrypted content in accordance with a predetermined sequence, for example. That is, the devices need to store a program for executing a predetermined reproducing process sequence. The details of a content reproducing sequence will be described later.
  • Fig. 3 shows a memory card 400 of a user which is a content recording destination, a content recorder (host) 300 that executes a content recording process, a content server 200 that provides content and content management data, an authentication station (authentication server) 100 that is set as a management station of the content server 200, and a disc 250 on which content is recorded.
  • a content recorder host 300 that executes a content recording process
  • a content server 200 that provides content and content management data
  • an authentication station (authentication server) 100 that is set as a management station of the content server 200
  • a disc 250 on which content is recorded.
  • the memory card 400 shown in Fig. 3 corresponds to the memory card 31 shown in Figs. 1C and 2
  • the content recorder (host) 300 shown in Fig. 3 corresponds to the content recorder (host) shown in Fig. 1B .
  • the content server 200 shown in Fig. 3 corresponds to the content server 11 shown in Fig. 1A
  • the disc 250 shown in Fig. 3 corresponds to the disc 12 shown in Fig. 1A .
  • the content recorder (host) 300 in which the memory card 400 is loaded connects to these various content servers to acquire content and content management data and record the same on the memory card 400.
  • the authentication station (authentication server) 100 shown in Fig. 3 provides the following data to the respective content servers #1 to #n providing content and content management data:
  • Each of the content servers #1 to #n receives these data from the authentication station 100 and stores the same in an internal memory of the server.
  • the process of the content server #1 will be described as a representative example.
  • the content server #1 will be described as the content server 200.
  • the content server 200 When executing the process of providing content to the memory card 400, the content server 200 encrypts and provides content 202 as encrypted content as well as a token 201 used as content management information, a server revocation list (SRL) 203, a content revocation list (CRL) 204, and an encryption key (binding key) and the like to be used for decoding the content, which is not shown in the drawing, to the content recorder (host) 300 and records them on the memory card 400 together with the content.
  • SRL server revocation list
  • CTL content revocation list
  • an encryption key binding key
  • the content recorder (host) 300 obtains permission to copy from the content server 200 and executes copying of content.
  • the content recorder (host) 300 acquires a content ID, for example, which is an identifier of content to be copied, from the disc 250 and transmits the content ID to the content server 200.
  • the content stored in the disc 250 is also encrypted content.
  • the token 201 as content management data shown in Fig. 3 the server revocation list (SRL) 203, the content revocation list (CRL) 204, and the like are provided from the content server 200 to the content recorder (host) 300. These data are recorded on the memory card 400 together with the content as the management data corresponding to the content provided from the disc 250.
  • the authentication station 100 provides a server revocation list (SRL) 102, a content revocation list (CRL) 103, and a server certificate (Server Cert) 101 to the respective content servers as shown in Fig. 3 .
  • SRL server revocation list
  • CRL content revocation list
  • Server Cert server certificate
  • SRL server revocation list
  • CTL content revocation list
  • Figs. 4A and 4B show a data configuration example of (a) server revocation list (SRL) and (b) content revocation list (CRL), respectively.
  • the (a) server revocation list is a list in which identifiers (IDs) of revoked servers (content servers) are recorded and is a list issued by the authentication station 100.
  • the server revocation list is a list in which the server IDs of content servers in which an illegal process such as, for example, illegal distribution of content is detected are recorded.
  • the server revocation list is sequentially updated upon detection or the like of a new illegal server.
  • a version number is set as shown in Fig. 4A .
  • the version number increases, for example, from 001 to 002, 003, and the like whenever a new list is issued. That is, the version number of a newer server revocation list (SRL) is set so as to be greater than the version number of an older server revocation list (SRL).
  • SRL server revocation list
  • signature verification is first executed so as to check the validity of the server revocation list (SRL) before using the list.
  • signature verification is executed using the public key of the authentication station.
  • the server revocation list (SRL) is also recorded on a memory card that records content and a memory of a reproducing device that reproduces content, such as, for example, the recording and reproducing device 22 or the PC 23 shown in Fig. 2 .
  • the reproducing device acquires the server ID of a server from which reproduction content and content management data are received when reproducing content and verifies whether the acquired server ID is recorded as a revoked server in the server revocation list (SRL) stored in the memory of the reproducing device.
  • the server ID can be acquired from a server certificate which is received from the server as management data of content, for example.
  • a reproduction processing program for executing such a process is provided to the reproducing device in advance, and the process corresponding to the reproduction processing program is executed when performing a content reproducing process. That is, before performing the content reproducing process, the reproducing device executes a process of checking the version number of a server revocation list (SRL) used by the reproducing device and confirming that a server which provided the content being used and the content management data is not revoked based on the server revocation list (SRL).
  • SRL server revocation list
  • the (b) content revocation list is a list in which identifiers (IDs) of revoked contents are recorded and is a list issued by the authentication station 100.
  • the content revocation list (CRL) is a list which is generated, for example, when illegal circulation of copied contents is detected and in which the content IDs of the illegally circulated contents are recorded.
  • the content revocation list is sequentially updated upon detection or the like of a new illegal content.
  • a version number is set as shown in Fig. 4B .
  • the version number increases, for example, from 001 to 002, 003, and the like whenever a new list is issued. That is, the version number of a newer content revocation list (CRL) is set so as to be greater than the version number of an older content revocation list (CRL).
  • signature verification is first executed so as to check the validity of the content revocation list (CRL) before using the list.
  • signature verification is executed using the public key of the authentication station.
  • the content revocation list (CRL) is also recorded on a memory card that records content and a memory of a reproducing device that reproduces content, such as, for example, the recording and reproducing device 22 or the PC 23 shown in Fig. 2 .
  • the reproducing device acquires the content ID of reproduction content when reproducing content and verifies whether the acquired content ID is recorded as a revoked content in the content revocation list (CRL) stored in the memory of the reproducing device.
  • the content ID can be acquired from a content certificate which is received from a server (or read from a disc) as management data of content, for example.
  • a reproduction processing program for executing such a process is provided to the reproducing device in advance, and the process corresponding to the reproduction processing program is executed when performing a content reproducing process. That is, before performing the content reproducing process, the reproducing device executes a process of checking the version number of a content revocation list (CRL) used by the reproducing device and confirming that the content being used is not revoked based on the content revocation list (CRL).
  • CTL content revocation list
  • the server certificate 101 which the authentication station 100 provides to the respective content servers is a certificate which the authentication station 100 issues to a server which is permitted to perform a content providing process and is a certificate in which a server public key and the like are stored.
  • the server certificate 101 is signed by the private key of the authentication station 100 and is configured as data of which falsification is prevented.
  • Fig. 5 shows a specific example of the server certificate 101 which the authentication station 100 provides to the respective content servers.
  • the server certificate includes the following data:
  • the type information is information representing the type of certificate or the type of content server.
  • data indicating that the certificate is a server certificate and information representing the type of server for example, indicating that the server is a music content providing server or the server is a movie content providing server are recorded as the type information.
  • the server ID is an area in which a server ID as server identification information is recorded.
  • the server public key is the public key of a server.
  • the server public key constitutes the key pair corresponding to a public key encryption method together with a server private key.
  • the minimum allowable content revocation list (CRL) version (Minimum CRL Version) is the minimum version number which a reproducing device is permitted to use among the version numbers set in the content revocation list (CRL) which is the list of revoked contents described with reference to Fig. 4B . That is, the minimum allowable content revocation list (CRL) version (Minimum CRL Version) is an area in which the minimum version number which a reproducing device is permitted to use when verifying revocation of content is recorded. The reproducing device is obliged to execute the verifying process as a preliminary process of the content reproducing process.
  • a version number is set in the content revocation list (CRL) as shown in Fig. 4B .
  • the version number increases, for example, from 001 to 002, 003, and the like whenever a new list is issued. That is, the version number of a newer content revocation list (CRL) is set so as to be greater than the version number of an older content revocation list (CRL).
  • the reproducing device acquires the content ID of reproduction content when reproducing content and verifies whether the acquired content ID is recorded as a revoked content in the content revocation list (CRL) stored in the memory of the reproducing device. If the content ID of the reproduction target content is recorded in the content revocation list (CRL) , reproduction of the content is inhibited since there is a possibility that the content is illegal content such as, for example, illegally copied content.
  • CTL content revocation list
  • the reproducing device determines the reproducibility of content by referencing a content revocation list (CRL) of an old version, there is a problem in that reproduction of content which is revoked after the old CRL was issued is typically permitted.
  • CRL content revocation list
  • the minimum version number of the content revocation list (CRL) which the reproducing device is permitted to use is set.
  • This data is the minimum allowable content revocation list (CRL) version (Minimum CRL Version) recorded in the server certificate shown in Fig. 5 .
  • the minimum allowable content revocation list (CRL) version (Minimum CRL Version) is also recorded in a token described later.
  • the reproducing device is not permitted to use a content revocation list (CRL) having a lower version number than the minimum allowable content revocation list (CRL) version (Minimum CRL Version), namely an old content revocation list (CRL).
  • CRL content revocation list
  • Minimum CRL Version minimum CRL Version
  • a reproduction processing program for executing such a process is provided to the reproducing device in advance, and the process corresponding to the reproduction processing program is executed when performing a content reproducing process.
  • the content reproducing sequence will be described later with reference to a flowchart.
  • the minimum allowable server revocation list (SRL) version (Minimum SRL Version) is the minimum version number which a reproducing device is permitted to use among the version numbers set in the server revocation list (SRL) which is the list of revoked servers (content servers) described with reference to Fig. 4A . That is, the minimum allowable server revocation list (SRL) version (Minimum SRL Version) is an area in which the minimum version number which a reproducing device is permitted to use when verifying revocation of servers is recorded. The reproducing device is obliged to execute the verifying process as a preliminary process of the content reproducing process.
  • a version number is set in the server revocation list (SRL) as shown in Fig. 4A .
  • the version number increase, for example, from 001 to 002, 003, and the like whenever a new list is issued. That is, the version number of a newer server revocation list (SRL) is set so as to be greater than the version number of an older server revocation list (SRL).
  • the reproducing device acquires the server ID of a server from which reproduction content and content management data are received when reproducing content and verifies whether the acquired server ID is recorded as a revoked server in the server revocation list (SRL) stored in the memory of the reproducing device. If the server ID of the server from which reproduction target content and content management data are received is recorded in the server revocation list (SRL), reproduction of the content is inhibited since there is a possibility that the content is content provided by an illegal server.
  • SRL server revocation list
  • the reproducing device determines the reproducibility of content by referencing a server revocation list (SRL) of an old version, there is a problem in that reproduction of content provided by a server (content server) which is revoked after the old SRL was issued is typically permitted.
  • SRL server revocation list
  • the minimum version number of the server revocation list (SRL) which the reproducing device is permitted to use is set.
  • This data is the minimum allowable server revocation list (SRL) version (Minimum SRL Version) recorded in the server certificate shown in Fig. 5 .
  • the minimum allowable server revocation list (SRL) version (Minimum SRL Version) is also recorded in a token described later.
  • the reproducing device is not permitted to use a server revocation list (SRL) having a lower version number than the minimum allowable server revocation list (SRL) version (Minimum SRL Version), namely an old server revocation list (SRL).
  • SRL server revocation list
  • Minimum SRL Version minimum SRL Version
  • a reproduction processing program for executing such a process is provided to the reproducing device in advance, and the process corresponding to the reproduction processing program is executed when performing a content reproducing process.
  • the content reproducing sequence will be described later with reference to a flowchart.
  • the medium read/write restriction information (PAD Read/PAD Write) information on a segment area in a protected area (PDA) is recorded.
  • the segment area is an area in which reading or writing of data is permitted.
  • the protected area (PDA) is set in a storage area of a medium recording content, for example, the storage area of the memory card 31 shown in Figs. 1A to 1C and 2 or the memory card 400 shown in Fig. 3 .
  • FIG. 6 A specific configuration example of a storage area of the memory card 400 is shown in Fig. 6 .
  • the storage area of the memory card 400 includes two areas of (a) protected area 401 and (b) nonprotected area (User Area) 402 as shown in Fig. 6 .
  • the (b) nonprotected area (User Area) 402 is an area which a recording and reproducing device used by a user can freely access and on which content, general content management data, and the like are recorded. That is, users can freely write or read data to/from the nonprotected area (User Area) 402.
  • the (a) protected area 401 is an area in which unrestricted access is not permitted.
  • the availability of reading or writing is determined depending on the respective devices in accordance with a program stored in advance in the memory card 400.
  • the memory card 400 includes a data processing unit for executing the program stored in advance and an authentication processing unit for executing an authentication process. First, the memory card 400 performs a process of authenticating a device that tries to write or read data to/from the memory card 400.
  • a device certificate for example, a server certificate (Server Cert)
  • a counterpart device namely an access requesting device
  • This determination process is performed for each of the segment areas (areas #0, #1, #2, and the like shown in Fig. 6 ) in the protected area 401 shown in Fig. 6 , and only a permitted process is executed in a permitted segment area.
  • the medium read/write restriction information (PAD Read/PAD Write) is set, for example, for each accessing device such as, for example, a content server or a recording and reproducing device (host). This information is recorded in a server certificate (Server Cert) corresponding to each device or a host certificate (Host Cert).
  • server Cert server certificate
  • Host Cert host certificate
  • the memory card 400 verifies data recorded in the server certificate (Server Cert) and the host certificate (Host Cert) in accordance with the predetermined program stored in advance in the memory card 400 and permits access only to an area in which access permission is set.
  • the server access permission information corresponds to the (6) medium read/write restriction information (PAD Read/PAD Write) shown in Fig. 5 .
  • Access permission information is recorded for each segment area so that only reading of data is permitted for an area (#1) in the protected area 401 shown in Fig. 6 ; both reading and writing of data are permitted for an area (#2); and neither reading nor writing of data is permitted for an area (#3).
  • the data processing unit of the memory card 400 determines the accessibility to the respective segment areas using this information.
  • cross-authentication is executed between the access requesting device and the memory card 400.
  • the certificate for example, the server certificate (Server Cert) received from the access requesting device is verified only when this cross-authentication is successful, and the accessible area is determined.
  • signature verification is first executed so as to check the validity of the server certificate (Server Cert) before using the certificate.
  • signature verification is executed using the public key of the authentication station.
  • the content server 200 when executing the process of providing content to the memory card 400, the content server 200 encrypts and provides the content 202 as encrypted content as well as the token 201 used as content management information, the server revocation list (SRL) 203, the content revocation list (CRL) 204, and the encryption key (binding key) and the like to be used for decoding the content, which is not shown in the drawing, to the content recorder (host) 300 and records them on the memory card 400 together with the content.
  • SRL server revocation list
  • CTL content revocation list
  • the encryption key binding key
  • the content recorder (host) 300 obtains permission to copy from the content server 200 and executes copying of content. To realize this process, the content recorder (host) 300 acquires a content ID, which is an identifier of content to be copied, from the disc 250 and transmits the content ID to the content server 200.
  • the content stored in the disc 250 is also encrypted content.
  • the token 201 as content management information shown in Fig. 3 the server revocation list (SRL) 203, the content revocation list (CRL) 204, and the like are provided from the content server 200 to the content recorder (host) 300. These data are recorded on the memory card 400 together with the content as the management data corresponding to the content provided from the disc 250.
  • the token has the following data as recording data:
  • the data are areas in which the minimum version numbers of the content revocation list (CRL) and the server revocation list (SRL), which a reproducing device is permitted to use when verifying the validity of content and servers are recorded.
  • the verifying process is executed as a preliminary process of the content reproducing process.
  • the reproducing device can acquire these values by referencing the token and verify the revocation of the content and servers using the revocation list (CRL/SRL) only when the versions of the content revocation list (CRL) and the server revocation list (SRL) stored in the memory of the reproducing device are equal to or greater than the minimum values recorded in the token.
  • the content reproducing process is inhibited when the reproducing device maintains only the CRL/SRL of an old version lower than the minimum values recorded in the token.
  • the volume ID is an identifier (ID) corresponding to content of predetermined units (for example, in title units). This ID is data which is often referenced by a BD-J/API, BD+API, or the like which is a Java (TM) application that is likely to be used when reproducing content, for example.
  • the content ID is an identifier for identifying content
  • the content ID recorded in the token is set as data including a server ID of a server that provides content or content management data (including a token).
  • Content ID Server ID + Unique Content ID.
  • the content ID is recorded as data including the server ID.
  • the server ID is an ID which the authentication station sets to each content server.
  • the server ID is the same ID as the server ID which is recorded in the server certificate (Server Cert) described above with reference to Fig. 5 .
  • the unique content ID is an identifier (ID) corresponding to content, which is uniquely set by the content server.
  • the content ID recorded in the token includes a combination of the server ID set by the authentication station and the unique content ID set by the content server as described above.
  • the respective numbers of bits of the content ID, the server ID, and the unique content ID are determined in advance.
  • the reproducing device that reproduces content can acquire the server ID by acquiring a predetermined number of upper bits from the content ID recorded in the token and acquire the unique content ID by acquiring a predetermined number of lower bits from the content ID.
  • the content hash table digest(s) is data in which the hash value of content is stored in the memory card.
  • the data is used for verifying falsification of content.
  • the reproducing device that reproduces content calculates the hash value of content which is to be reproduced and has been recorded in the memory card and compares the hash value with the value recorded in the content hash table digest(s) which is recorded in the token. If the calculated data is identical to the registered data, it is determined that the content is not falsified, and the content can be reproduced. If they are not identical, it is determined that there is a possibility that the content is falsified, and reproduction thereof is inhibited.
  • the use control information hash (Usage Rule Hash) is the hash value of the use control information which a server provided to users as management data of content so as to be recorded in the memory card.
  • the use control information is data in which information on permission of a content use type is recorded. Examples of the information include the permissibility of copying content, the allowable number of copies, and the availability to output content to other devices.
  • the use control information is information recorded in the memory card together with content.
  • the use control information hash is the hash value used as data for verifying falsification of the use control information.
  • the reproducing device that reproduces content calculates the hash value of use control information corresponding to content which is to be reproduced and has been recorded in the memory card and compares the hash value with the value recorded in the use control information hash (Usage Rule Hash) which is recorded in the token. If the calculated data is identical to the registered data, it is determined that the use control information is not falsified, and the content can be used in accordance with the use control information. If they are not identical, it is determined that there is a possibility that the use control information is falsified, and the use of content such as reproduction is inhibited.
  • the time stamp is information indicating the date when the token is created, for example, the date when the (9) signature in Fig. 7 is created.
  • signature verification is first executed so as to check the validity of the token before using the token.
  • signature verification is executed using the public key of the server.
  • the public key of the server can be acquired from the server certificate described above with reference to Fig. 5 .
  • FIGs. 8A to 8C (A) content server, (B) content recorder (host), and (C) memory card are shown from left to right.
  • the (A) content server corresponds to the content server 200 shown in Fig. 3
  • the (B) content recorder corresponds to the content recorder (host) 300 shown in Fig. 3
  • the (C) memory card corresponds to the memory card 400 shown in Fig. 3 .
  • Figs. 8A to 8C show a process sequence when the content server provides content and content management information other than the content to the memory card so as to be recorded in the memory card.
  • the (C) memory card shown in Fig. 8C is loaded into the (B) content recorder (host) , communicates with the (A) content server through a communication unit of the (B) content recorder (host), receives various types of data from the (A) content server through the (B) content recorder (host), and records the data on the (C) memory card.
  • a cross-authentication process is performed between the content server and the memory card.
  • a cross-authentication process including exchanging of mutual public key certificates is performed in accordance with a public key encryption method.
  • the content server maintains the server certificate in which the public key issued by the authentication station is stored and the private key.
  • the memory card has also received the public key certificate and private key pair from the authentication station and recorded them in its memory.
  • the memory card stores a program for performing the cross-authentication process and a program for determining the accessibility to the protected area described with reference to Fig. 6 and has a data processing unit for executing these programs.
  • the server If the cross-authentication between the content server and the memory card is successful and the mutual validity is verified, the server provides various types of data to the memory card. If the cross-authentication is not successful, the server does not provide data.
  • the content server acquires data such as a volume ID recorded in a database 211 to generate a token 213.
  • the content server signs the token and transmits the token to the content recorder (host) as data to be written to the memory card.
  • the token 213 includes the following data as described above with reference to Fig. 7 :
  • the token including these data is transmitted from the (A) content server to the (C) memory card through the (B) content recorder (host) and recorded on the memory card.
  • the recording data is a token 415 shown in the (C) memory card of Fig. 8C .
  • the memory card is segmented into a protected area and a nonprotected area (User Area) as described above with reference to Fig. 6 .
  • a protected area 412 is shown in the (C) memory card shown in Fig. 8C .
  • a binding key (Kb) 414 is recorded in the protected area 412 as shown in Fig. 8C .
  • the other data are recorded in the nonprotected area (User Area).
  • binding key (Kb) 414 is a key used for encrypting a title key (also called a CPS unit key) which is used for decoding encrypted content, and is generated by the content server generating random numbers or the like.
  • step S23 of the (A) content server in Fig. 8A the binding key (Kb) is generated by the content server.
  • This key is sequentially generated by the server generating random numbers or the like whenever content is provided to the memory card or content is copied from the disc, and the generated key is provided to the memory card. Therefore, different binding keys are generated whenever content is provided or copied.
  • the binding key (Kb) generated by the server is written to the protected area of the memory card.
  • the process of writing data to the protected area of the memory card or the process of reading data from the protected area is a restricted process.
  • the availability of writing or reading is set for each access requesting device (a server or a recording and reproducing device (host)) and for each segment area (#1, #2, and the like).
  • This setting information is recorded in the server certificate (Server Cert) of the server and in the host certificate (Host Cert) of the recording and reproducing device (host).
  • the memory card records the binding key (Kb) in the segment area in the protected area, in which writing is permitted, by referencing the certificate (in this example, the server certificate (Server Cert)) received from the access requesting device.
  • This binding key is the binding key (Kb) 414 shown in Fig. 8C .
  • the detailed internal configuration of the protected area 412 is not shown in Fig. 8C , the protected area is segmented into a plurality of segment areas (#0, #1, #2, and the like) as described above with reference to Fig. 6 , and the binding key (Kb) 414 is recorded in the segment area which is recorded in the server certificate as a writable area.
  • the server certificate (Server Cert) can be referenced from the certificate which the memory card has received from the content server during the authentication process in step S21. In this case, it is to be ensured that the signature of the authentication station is set in the server certificate (Server Cert) , the memory card executes signature verification using the public key of the authentication station, and the validity of the server certificate (Server Cert) is verified.
  • the binding key when transmitting the binding key from the content server to the memory card, the binding key is transmitted as data encrypted with a session key.
  • the session key is a key which is generated during the cross-authentication process (step S21) between the server and the memory card and shared by them.
  • the memory card decodes the encrypted binding key with the session key and records the binding key in a predetermined segment area in the protected area of the memory card.
  • step S24 the (A) content server shown in Fig. 8A performs a key generation process (AES-G) using the generated binding key (Kb) and a medium ID received from the (C) memory card.
  • AES-G key generation process
  • the medium ID is an ID which is recorded in advance in the internal memory of the memory card as identification information of the memory card.
  • step S25 the content server encrypts a title key (CPS unit key) 215 which is an encryption key of content using the volume unique key to thereby generate an encrypted title key.
  • a title key (CPS unit key) 215 which is an encryption key of content using the volume unique key to thereby generate an encrypted title key.
  • the (A) content server transmits the generated encrypted title key to the (C) memory card through the (B) content recorder (host).
  • the memory card records the received encrypted title key on the memory card.
  • the recording data is the encrypted title key 416 shown in the (C) memory card of Fig. 8C .
  • the title key is also called a CPS unit key.
  • the content server generates use control information 216 corresponding to the content, executes a signing process using the private key of the content server in step S27, and provides the use control information 216 to the memory card.
  • step S28 the content server encrypts the content 218 using the title key 215 and provides the content 218 to the memory card.
  • the memory card records these data provided from the server.
  • the recording data is use control information 417 and encrypted content 418 shown in the (C) memory card of Fig. 8C .
  • the content server provides the following data to the memory card:
  • the memory card records these data on the memory card.
  • Fig. 9 shows a directory structure showing the data recorded in the memory card and an example of data recorded in the reproducing device that executes a content reproducing process.
  • the directory structure of the memory card is shown on the left side of Fig. 9 .
  • the directory structure includes a "root” directory, a "BDMV” directory which is under the “root” directory and in which BD-related content is mainly recorded, and a "DELTA” directory which is under the "BDMV” directory and in which content downloaded from a server or copied from a disc and the management information thereof are recorded. Under the "DELTA” directory, content and content management data provided from the server are recorded.
  • the directory structure shown in Fig. 9 is an example, and the recording structure of the memory card is not limited to this example, but various other structures may be used. However, it is necessary that content and management information including a token or the like corresponding to the content are recorded so that the correspondence can be identified.
  • a CPS unit key file 421 corresponds to the encrypted title key 416 shown in Fig. 8C .
  • a token 422 corresponds to the token 415 shown in Fig. 8C .
  • a content hash table 423 is provided from the content server as the hash value of content and recorded.
  • Use control information (CPS Unit Usage File #1 to #n) 424#1 to #n correspond to the use control information 417 shown in Fig. 8C .
  • the CPS unit is a unit that is set as the use unit (reproduction unit) of content, and the use control information is set for each unit.
  • a server certificate 425 is the certificate which is received from the server in the authentication process (step S21) shown in Figs. 8A and 8C and has a configuration in which the server ID, the public key of the server, and the like are stored as described above with reference to Fig. 5 .
  • a content revocation list (CRL) 426 is a list of the identifiers (IDs) of revoked contents and has the data configuration described above with reference to Fig. 4B .
  • a server revocation list (SRL) 427 is a list of the identifiers (IDs) of revoked servers and has the data configuration described above with reference to Fig. 4A .
  • the binding key is recorded in the protected area of the memory card.
  • the reproducing device to acquire the title key, it is necessary to read the binding key recorded in the protected area of the memory card, generate the volume unique key using the medium ID, and decode the encrypted title key (encrypted CPS unit key) using the generated volume unique key to thereby acquire the title key (CPS unit key).
  • Fig. 9 On the right side of Fig. 9 , an example of data recorded in the memory of a reproducing device that reproduces content recorded on the memory card is shown.
  • the reproducing device that executes the content reproducing process is, for example, the recording and reproducing device 22 and the PC 23 shown in Figs. 1A to 1C and 2 , or a reproducing device having only a reproducing function.
  • a server revocation list (SRL) 311 and a content revocation list (CRL) 312 are recorded.
  • the versions of the server revocation list (SRL) 311 and the content revocation list (CRL) 312 stored in the memory of the reproducing device are compared with the versions of the server revocation list (SRL) and the content revocation list (CRL) which the reproducing device can acquire at that point of time. If it is possible to acquire the list of the newer versions than the versions of the lists stored in the memory of the reproducing device, a list updating process of substituting the lists of the old versions stored in the memory with the lists of the newer versions is performed.
  • the versions of the server revocation list (SRL) 426 and the content revocation list (CRL) 427 recorded on the memory card are compared with the versions of the server revocation list (SRL) 311 and the content revocation list (CRL) 312 stored in the memory of the reproducing device.
  • the reproducing device substitutes the server revocation list (SRL) 311 and the content revocation list (CRL) 312 stored in the memory of the reproducing device with the server revocation list (SRL) 426 and the content revocation list (CRL) 427 recorded on the memory card.
  • the list stored in the memory is updated with the list read from the disc.
  • the reproducing device performs the process of substituting the revocation list with a newer revocation list.
  • the execution sequence of this process is recorded in a part of a reproduction processing program maintained in the reproducing device, for example, and the reproducing device updates the respective revocation lists in accordance with the program.
  • the versions of the server revocation list (SRL) 311 and the content revocation list (CRL) 312 recorded in the reproducing device are compared with the versions of the lists which are available at that point of time, for example, the lists received from the server or read from the disc or the like. If it is possible to obtain lists of a newer version, the old lists recorded in the memory of the reproducing device are updated.
  • the flowchart shown in Fig. 10 is, for example, the process of downloading content from the content server 11 shown in Fig. 1A and recording the content on the memory card 31 shown in Fig. 1C .
  • the flowchart shown in Fig. 10 is the process executed by the data processing unit of the (b) content recorder (the shared terminal 21, the recording and reproducing device 22, the PC 23, or the like) shown in Fig. 1B .
  • the process of writing or reading data to/from the memory card may be sometimes executed by the data processing unit of the memory card.
  • the data processing unit of the memory card determines the availability of writing data to the protected area described in advance with reference to Fig. 6 .
  • step S101 the memory card is loaded into a device, and access to a server is performed.
  • the cross-authentication process between the server and the memory card described above in step S21 of Figs. 8A and 8C is executed.
  • the processes of step S102 and its subsequent steps are executed when this cross-authentication process succeeds.
  • the cross-authentication fails, a content downloading process is not executed.
  • the cross-authentication process may be performed between the recording and reproducing device and the server and between the recording and reproducing device and the memory card as necessary.
  • Various types of data are provided to the memory card and stored in the memory card at least after the cross-authentication between the server and the memory card has been successful.
  • communication with the server is performed through a device to which the memory card is loaded, for example, through the (b) content recorder (the shared terminal 21, the recording and reproducing device 22, the PC 23, or the like) shown in Fig. 1B .
  • step S102 various types of data such as a token, a content revocation list (CRL), a server revocation list (SRL), and a server certificate are downloaded, read, and written to the memory card.
  • a token a token
  • CRL content revocation list
  • SRL server revocation list
  • server certificate a server certificate
  • the token has the data described above with reference to Fig. 7 .
  • the content revocation list is the list of identifiers (IDs) of revoked contents described above with reference to Fig. 4B .
  • the server revocation list is the list of identifiers (IDs) of revoked servers described above with reference to Fig. 4A .
  • the server certificate is the data in which the server public key described above with reference to Fig. 5 is stored.
  • the content revocation list (CRL), the server revocation list (SRL) , and the server certificate are issued by the authentication station 100 shown in Fig. 3 and are signed with the private key of the authentication station 100.
  • the token is issued by the server (for example, the content server 200 shown in Fig. 3 ) and is signed with the private key of the server.
  • step S103 the content revocation list (CRL) and the server revocation list (SRL) acquired from the server in step S102 are verified and read into the memory of the reproducing device.
  • CRL content revocation list
  • SRL server revocation list
  • step S103 A detailed sequence of step S103 will be described with reference to the flowchart shown in Fig. 11 .
  • step S151 of Fig. 11 This process is performed when the processes of steps S101 and S102 of the flowchart shown in Fig. 10 are finished. That is, this process is performed when the memory card is loaded, and the token, the content revocation list (CRL) , the server revocation list (SRL), and the server certificate are recorded on the loaded memory card.
  • CRL content revocation list
  • SRL server revocation list
  • step S152 the content revocation list (CRL) and the server revocation list (SRL) recorded on the memory card are read.
  • step S153 the signature of the content revocation list (CRL) is verified.
  • the content revocation list is the list issued by the authentication station (the authentication server) 100 as described with reference to Fig. 3 and is signed with the private key of the authentication station. In step S153, this signature is verified.
  • the public key of the authentication station necessary for the signing can be acquired from the public key certificate of the authentication station and is stored in the device (for example, the (b) content recorder (the shared terminal 21, the recording and reproducing device 22, the PC 23, or the like) shown in Fig. 1B ) executing this process. If the public key is not stored, it is acquired as necessary.
  • step S153 if the signature verification of the content revocation list (CRL) is successful, and it is confirmed that the content revocation list (CRL) is a valid list without falsification, the flow process to step S154.
  • step S153 if the signature verification of the content revocation list (CRL) is not successful, and it is not confirmed that the content revocation list (CRL) is a valid list without falsification, the flow process to step S160, and the subsequent processes are halted. In this case, the processes of step S104 and its subsequent steps of the flowchart of Fig. 10 are halted, and downloading (S106) of content is not performed.
  • step S153 if the signature verification of the content revocation list (CRL) is successful, and it is confirmed that the content revocation list (CRL) is a valid list without falsification, the flow process to step S154.
  • step S154 the version of the content revocation list (CRL) downloaded and recorded on the medium (memory card) is compared with the version of the content revocation list (CRL) stored in the memory of the device, for example, the (b) content recorder (the shared terminal 21, the recording and reproducing device 22, the PC 23, or the like) in Fig. 1B , which is executing this process.
  • the (b) content recorder the shared terminal 21, the recording and reproducing device 22, the PC 23, or the like
  • This process corresponds to the process of comparing the versions of two content revocation lists (CRL) described above with reference to Fig. 9 , namely (1) the content revocation list (CRL) 427 downloaded from the server and recorded on the memory card and (2) the content revocation list (CRL) 312 stored in the memory of the reproducing device.
  • the reproducing device corresponds to the device (for example, the (b) content recorder (the shared terminal 21, the recording and reproducing device 22, the PC 23, or the like) shown in Fig. 1B ), which is executing the downloading process.
  • the device for example, the (b) content recorder (the shared terminal 21, the recording and reproducing device 22, the PC 23, or the like) shown in Fig. 1B ), which is executing the downloading process.
  • step S154 if "the version number of the content revocation list (CRL) downloaded and recorded on the medium (memory card)" is greater than "the version number of the content revocation list (CRL) recorded in the memory of the reproducing device," the flow proceeds to step S155.
  • the content revocation list (CRL) downloaded and recorded on the medium is newer than the content revocation list (CRL) recorded in the memory of the reproducing device (for example, the (b) content recorder (the shared terminal 21, the recording and reproducing device 22, the PC 23, or the like) shown in Fig. 1B ).
  • step S155 an updating process of substituting the old content revocation list (CRL) recorded in the memory of the reproducing device (for example, the (b) content recorder (the shared terminal 21, the recording and reproducing device 22, the PC 23, or the like) shown in Fig. 1B ) with the new content revocation list (CRL) downloaded and recorded on the medium (memory card).
  • the reproducing device for example, the (b) content recorder (the shared terminal 21, the recording and reproducing device 22, the PC 23, or the like) shown in Fig. 1B ) with the new content revocation list (CRL) downloaded and recorded on the medium (memory card).
  • the reproducing device that performs the content reproducing process determines the revocation state of the content and server by referencing the revocation list stored in the memory of the reproducing device during the content reproducing process, by performing such an updating process, it is possible to perform appropriate determination using a newer list.
  • the sequence of the content reproducing process will be described later.
  • step S155 When the process of updating the content revocation list (CRL) in step S155 is finished, and it is determined in step S154 that the content revocation list (CRL) downloaded and recorded on the medium (memory card) is not newer than the content revocation list (CRL) recorded on the memory of the device (No in step S154), the flow proceeds to step S156.
  • the medium memory card
  • step S156 the signature of the server revocation list (SRL) is verified.
  • the server revocation list is the list issued by the authentication station (the authentication server) 100 as described with reference to Fig. 3 and is signed with the private key of the authentication station.
  • this signature is verified.
  • the public key of the authentication station necessary for the signing can be acquired from the public key certificate of the authentication station and is stored in the device (for example, the (b) content recorder (the shared terminal 21, the recording and reproducing device 22, the PC 23, or the like) shown in Fig. 1B ) executing this process. If the public key is not stored, it is acquired as necessary.
  • step S156 if the signature verification of the server revocation list (SRL) is successful, and it is confirmed that the server revocation list (SRL) is a valid list without falsification, the flow process to step S157.
  • step S156 if the signature verification of the server revocation list (SRL) is not successful, and it is not confirmed that the server revocation list (SRL) is a valid list without falsification, the flow process to step S160, and the subsequent processes are halted. In this case, the processes of step S104 and its subsequent steps of the flowchart of Fig. 10 are halted, and downloading (S106) of content is not performed.
  • step S156 if the signature verification of the server revocation list (SRL) is successful, and it is confirmed that the server revocation list (SRL) is a valid list without falsification, the flow process to step S157.
  • step S157 the version of the server revocation list (SRL) downloaded and recorded on the medium (memory card) is compared with the version of the server revocation list (SRL) stored in the memory of the device, for example, the (b) content recorder (the shared terminal 21, the recording and reproducing device 22, the PC 23, or the like) in Fig. 1B , which is executing this process.
  • This process corresponds to the process of comparing the versions of two server revocation lists (SRL) described above with reference to Fig. 9 , namely (1) the server revocation list (SRL) 426 downloaded from the server and recorded on the memory card and (2) the server revocation list (SRL) 311 stored in the memory of the reproducing device.
  • SRL server revocation list
  • the reproducing device corresponds to the device (for example, the (b) content recorder (the shared terminal 21, the recording and reproducing device 22, the PC 23, or the like) shown in Fig. 1B ), which is executing the downloading process.
  • the device for example, the (b) content recorder (the shared terminal 21, the recording and reproducing device 22, the PC 23, or the like) shown in Fig. 1B ), which is executing the downloading process.
  • step S157 if "the version number of the server revocation list (SRL) downloaded and recorded on the medium (memory card) " is greater than "the version number of the server revocation list (SRL) recorded in the memory of the reproducing device," the flow proceeds to step S158.
  • the server revocation list (SRL) downloaded and recorded on the medium is newer than the server revocation list (SRL) recorded in the memory of the reproducing device (for example, the (b) content recorder (the shared terminal 21, the recording and reproducing device 22, the PC 23, or the like) shown in Fig. 1B ).
  • the reproducing device for example, the (b) content recorder (the shared terminal 21, the recording and reproducing device 22, the PC 23, or the like) shown in Fig. 1B ).
  • step S158 an updating process of substituting the old server revocation list (SRL) recorded in the memory of the reproducing device (for example, the (b) content recorder (the shared terminal 21, the recording and reproducing device 22, the PC 23, or the like) shown in Fig. 1B ) with the new server revocation list (SRL) downloaded and recorded on the medium (memory card).
  • the reproducing device for example, the (b) content recorder (the shared terminal 21, the recording and reproducing device 22, the PC 23, or the like) shown in Fig. 1B ) with the new server revocation list (SRL) downloaded and recorded on the medium (memory card).
  • the reproducing device determines the revocation state of the content and server by referencing the revocation list stored in the memory of the reproducing device during the content reproducing process, by performing such an updating process, it is possible to perform appropriate determination using a newer list.
  • the sequence of the content reproducing process will be described later.
  • step S158 When the process of updating the server revocation list (SRL) in step S158 is finished, and it is determined in step S157 that the server revocation list (SRL) downloaded and recorded on the medium (memory card) is not newer than the server revocation list (SRL) recorded on the memory of the device (No in step S157), this process ends and the flow proceeds to step S104 of the flowchart of Fig. 10 .
  • step S104 the processes of step S104 and its subsequent steps will be described.
  • step S104 the following determination processes are performed: (1) Whether content to be downloaded is revoked; and (2) Whether the minimum allowable content revocation list (CRL) version (Minimum CRL Version) recorded in the token is greater than the version of the content revocation list (CRL) stored in the memory of the device executing this process.
  • CRL minimum allowable content revocation list
  • This determination process is performed by determining whether the content ID of content to be downloaded is recorded in the content revocation list (CRL) stored in the memory of the device.
  • the content ID may be the content ID which is received from the server in response to a download request to the server and may be the unique content ID in the content ID recorded in the token.
  • a content certificate in which the content ID is recorded may be received additionally from the server and the content ID described in the certificate may be used.
  • step S104 When the content ID of the content to be downloaded is recorded in the content revocation list (CRL) stored in the memory of the device, the content is revoked content, and the determination in step S104 results in "Yes,” and the subsequent processes are not executed.
  • the flow proceeds to step S110, and other downloading processes are halted. In this case, the downloading (S106) of content is not executed.
  • step S104 in the other determination in step S104 as to (2) whether the minimum allowable content revocation list (CRL) version (Minimum CRL Version) recorded in the token is greater than the version of the content revocation list (CRL) stored in the memory of the device executing this process, if the minimum allowable content revocation list (CRL) version is determined to be greater, it is not possible to use the content revocation list (CRL) stored in the memory of the device. In this case, the determination in step S104 results in "Yes,” and the subsequent processes are not executed. The flow proceeds to step S110, and other downloading processes are halted. In this case, the downloading (S106) of content is not executed.
  • CRL minimum allowable content revocation list
  • step S104 only when it is determined that (1) the content to be downloaded is not revoked, and (2) the minimum allowable content revocation list (CRL) version (Minimum CRL Version) recorded in the token is not greater than the version of the content revocation list (CRL) stored in the memory of the device executing this process, the determination in step S104 results in "No," and the flow proceeds to the next step S105.
  • CRL minimum allowable content revocation list
  • step S105 the following determination processes are performed:
  • This determination process is performed by determining whether the server ID of the server in which the downloading process is performed is recorded in the server revocation list (SRL) stored in the memory of the device.
  • the server ID can be acquired from the server certificate acquired in step S102, for example.
  • the validity of the server certificate is verified through verification of the certificate of the authentication station assigned to the server certificate.
  • step S105 results in "Yes,” and the subsequent processes are not executed.
  • step S110 the downloading (S106) of content is not executed.
  • step S105 in the other determination in step S105 as to (2) whether the minimum allowable server revocation list (SRL) version (Minimum SRL Version) recorded in the token is greater than the version of the server revocation list (SRL) stored in the memory of the device executing this process, if the minimum allowable server revocation list (SRL) version is determined to be greater, it is not possible to use the server revocation list (SRL) stored in the memory of the device. In this case, the determination in step S105 results in "Yes,” and the subsequent processes are not executed. The flow proceeds to step S110, and other downloading processes are halted. In this case, the downloading (S106) of content is not executed.
  • SRL minimum allowable server revocation list
  • step S105 only when it is determined that (1) the server in which the downloading process is performed is not revoked, and (2) the minimum allowable server revocation list (SRL) version (Minimum SRL Version) recorded in the token is not greater than the version of the server revocation list (SRL) stored in the memory of the device executing this process, the determination in step S105 results in "(No,” and the flow proceeds to the next step S106.
  • SRL minimum allowable server revocation list
  • step S106 the encrypted content, the CPS unit key file, the content hash table, and the use control information (CPS Unit Usage File) are downloaded from the connected server and written to the medium (memory card).
  • the encrypted content is content which is encrypted with the CPS unit key (title key) included in the CPS unit key file.
  • the CPS unit key file is a file in which the CPS unit key (title key) which is a content decoding key is recorded.
  • the CPS unit key (title key) itself is also encrypted using the volume unique key which is generated using the binding key and the medium ID.
  • the content hash table is a table in which the hash value of content is stored. This table is used in order to check the validity of content when reproducing content.
  • the use control information is data in which restriction information or the like when using content such as a process of reproducing or copying content is recorded.
  • step S107 When the downloading and recording processes in step S106 are finished, a billing process is performed in step S107.
  • the billing process may be executed as a process that involves connecting to another server such as, for example, a billing server.
  • step S108 If the completion of the billing process is not confirmed in step S108, the process ends in step S110. In this case, since downloading of the binding key in step S109 is not executed, it is not possible to decode and use content.
  • step S108 If the completion of the billing process is confirmed in step S108, the flow proceeds to step S109.
  • step S109 the binding key provided from the server is downloaded and recorded on the medium (memory card), and the process ends in step S110.
  • the binding key is key data which is necessary when generating the volume unique key through an encryption process which uses the medium ID that is recorded in advance in a nonvolatile memory of the memory card as an identifier of the memory card.
  • the volume unique key is used for decoding the CPS unit key (title key), and the CPS unit key (title key) is necessary for decoding the encrypted content.
  • step S109 the process of writing the binding key to the memory card in step S109 is executed with respect to a predetermined segment area (protected areas #1, #2, #3, and the like shown in Fig. 6 ) of the protected area of the memory card as described above with reference to Fig. 6 .
  • the recordable area in which the server is permitted to record data in the protected area of the memory card is recorded in the server certificate (Server Cert).
  • the data processing unit of the memory card performs a process of determining a recording destination of the binding key by referencing information recorded in the server certificate (Server Cert) and recording the binding key.
  • the device in which the memory card is loaded may receive recording destination permission information acquired by the memory card to determine the recording destination.
  • the device itself in which the memory card is loaded may acquire the recordable area information recorded in the server certificate (Server Cert) to determine the recording destination.
  • the version checking may not be executed during the downloading process but may be executed during the content reproducing process.
  • the version numbers of the content revocation list (CRL) and the server revocation list (SRL) recorded on the medium (memory card) are also compared with the minimum allowable versions recorded in the token.
  • the process is halted when the version numbers of the content revocation list (CRL) and the server revocation list (SRL) recorded on the medium (memory card) are lower than the minimum allowable versions recorded in the token.
  • CRL content revocation list
  • SRL server revocation list
  • steps S201 to S203 are the same as the processes of steps S101 to S103 described with reference to Fig. 10 .
  • step S201 the memory card is loaded into a device, and access to a server is performed.
  • step S201 the cross-authentication process between the server and the memory card described above in step S21 of Figs. 8A and 8C is executed.
  • step S202 and its subsequent steps are executed when this cross-authentication process is successful.
  • step S202 various types of data such as a token, a content revocation list (CRL) , a server revocation list (SRL), and a server certificate are downloaded, read, and written to the memory card.
  • a token a token
  • CRL content revocation list
  • SRL server revocation list
  • server certificate a server certificate
  • step S203 the content revocation list (CRL) and the server revocation list (SRL) acquired from the server in step S202 are verified and read into the memory of the reproducing device.
  • CRL content revocation list
  • SRL server revocation list
  • step S203 is the same as that described above with reference to the flowchart shown in Fig. 11 .
  • the validity of the content revocation list (CRL) and the server revocation list (SRL) downloaded from the server and recorded on the memory card is verified through signature verification, and the lists stored in the device are updated through comparison of the versions of the downloaded lists and the lists stored in the memory of the recording and reproducing device.
  • CRL content revocation list
  • SRL server revocation list
  • step S204 corresponds to the process of step S104 of the flowchart shown in Fig. 10 .
  • step S204 the following determination processes are performed: (1) Whether content to be downloaded is revoked; and (2) Whether the minimum allowable content revocation list (CRL) version (Minimum CRL Version) recorded in the token is greater than the version of the content revocation list (CRL) stored in the memory of the device executing this process.
  • CRL minimum allowable content revocation list
  • step S204 only when it is determined that (1) the content to be downloaded is not revoked, and (2) the minimum allowable content revocation list (CRL) version (Minimum CRL Version) recorded in the token is not greater than the version of the content revocation list (CRL) stored in the memory of the device executing this process, the determination in step S204 results in "No," and the flow proceeds to the next step S205.
  • CRL minimum allowable content revocation list
  • step S204 determines whether the content is executed. If the determination in step S204 results in "Yes,” the flow proceeds to step S212, and the subsequent processes are halted. In this case, the downloading (S208) of content is not executed.
  • step S204 When the determination in step S204 results in "No,” the flow proceeds to the next step S205.
  • step S205 the minimum allowable content revocation list (CRL) version (Minimum CRL Version) recorded in the token is compared with the version of the content revocation list (CRL) which is newly downloaded in step S202 from the server and recorded in the medium (memory card).
  • CRL minimum allowable content revocation list
  • step S205 is not included in the process described with reference to Fig. 10 .
  • step S205 if the minimum allowable content revocation list (CRL) version (Minimum CRL Version) recorded in the token is greater than the version of the content revocation list (CRL) which is newly downloaded in step S202 from the server and recorded on the medium (memory card), the content revocation list (CRL) which is newly recorded through this downloading becomes a list which is not usable in accordance with the contents recorded in the token.
  • the determination in step S205 results in "Yes, " and the subsequent processes are not executed.
  • the flow proceeds to step S212, and other downloading processes are halted. In this case, the downloading (S208) of content is not executed.
  • step S205 if it is determined that the minimum allowable content revocation list (CRL) version (Minimum CRL Version) recorded in the token is not greater than the version of the content revocation list (CRL) which is newly downloaded in step S202 from the server and recorded on the medium (memory card), the determination in step S205 results in "No,” and the flow proceeds to the next step S206.
  • CRL minimum allowable content revocation list
  • step S206 corresponds to the process of step S105 of the flowchart shown in Fig. 10 .
  • step S206 the following determination processes are performed: (1) Whether the server in which the downloading process is performed is revoked; and (2) Whether the minimum allowable server revocation list (SRL) version (Minimum SRL Version) recorded in the token is greater than the version of the server revocation list (SRL) stored in the memory of the device executing this process.
  • SRL minimum allowable server revocation list
  • step S206 only when it is determined that (1) the server in which the downloading process is performed is not revoked, and (2) the minimum allowable server revocation list (SRL) version (Minimum SRL Version) recorded in the token is not greater than the version of the server revocation list (SRL) stored in the memory of the device executing this process, the determination in step S206 results in "No," and the flow proceeds to the next step S207.
  • SRL minimum allowable server revocation list
  • step S206 determines whether the content is executed. If the determination in step S206 results in "Yes,” the flow proceeds to step S212, and the subsequent processes are halted. In this case, the downloading (step S208) of content is not executed.
  • step S207 the minimum allowable server revocation list (SRL) version (Minimum SRL Version) recorded in the token is compared with the version of the server revocation list (SRL) which is newly downloaded in step S202 from the server and recorded in the medium (memory card).
  • SRL minimum allowable server revocation list
  • step S207 is not included in the process described with reference to Fig. 10 .
  • step S207 if the minimum allowable server revocation list (SRL) version (Minimum SRL Version) recorded in the token is greater than the version of the server revocation list (SRL) which is newly downloaded in step S202 from the server and recorded on the medium (memory card), the server revocation list (SRL) which is newly recorded through this downloading becomes a list which is not usable in accordance with the contents recorded in the token.
  • the determination in step S207 results in "Yes, " and the subsequent processes are not executed.
  • the flow proceeds to step S212, and other downloading processes are halted. In this case, the downloading (S208) of content is not executed.
  • step S207 if it is determined that the minimum allowable server revocation list (SRL) version (Minimum SRL Version) recorded in the token is not greater than the version of the server revocation list (SRL) which is newly downloaded in step S202 from the server and recorded on the medium (memory card) , the determination in step S207 results in "No, " and the flow proceeds to the next step S208.
  • SRL minimum allowable server revocation list
  • steps S208 to S212 correspond to the processes of steps S106 to S110 of the flowchart shown in Fig. 10 .
  • step S208 the encrypted content, the CPS unit key file, the content hash table, and the use control information (CPS Unit Usage File) are downloaded from the connected server and written to the medium (memory card).
  • the encrypted content is content which is encrypted with the CPS unit key (title key) included in the CPS unit key file.
  • the CPS unit key file is a file in which the CPS unit key (title key) which is a content decoding key is recorded.
  • the CPS unit key (title key) itself is also encrypted using the volume unique key which is generated using the binding key and the medium ID.
  • the content hash table is a table in which the hash value of content is stored. This table is used in order to check the validity of content when reproducing content.
  • the use control information is data in which restriction information or the like when using content such as a process of reproducing or copying content is recorded.
  • step S208 When the downloading and recording processes in step S208 are finished, a billing process is performed in step S209.
  • the billing process may be executed as a process that involves connecting to another server such as, for example, a billing server.
  • step S210 If the completion of the billing process is not confirmed in step S210, the processing is halted in step S212. In this case, since downloading of the binding key in step S211 is not executed, it is not possible to decode and use content.
  • step S210 If the completion of the billing process is confirmed in step S210, the flow proceeds to step S211.
  • step S211 the binding key provided from the server is downloaded and recorded on the medium (memory card).
  • the binding key is key data which is necessary when generating the volume unique key through an encryption process which uses the medium ID that is recorded in advance in a nonvolatile memory of the memory card as an identifier of the memory card.
  • the volume unique key is used for decoding the CPS unit key (title key), and the CPS unit key (title key) is necessary for decoding the encrypted content.
  • step S211 the process of writing the binding key to the memory card in step S211 is executed with respect to a predetermined segment area (protected areas #1, #2, #3, and the like shown in Fig. 6 ) of the protected area of the memory card as described above with reference to Fig. 6 .
  • the recordable area in which the server is permitted to record data is recorded in the server certificate (Server Cert).
  • a write processing program of the memory card performs a process of determining a recording destination of the binding key by referencing information recorded in the server certificate (Server Cert) and recording the binding key.
  • a download execution device may perform the process.
  • the version checking may not be executed during the downloading process but may be executed during the content reproducing process.
  • the content reproducing process is performed by the reproducing device in which the memory card is loaded.
  • the reproducing device may be various types of devices such as, for example, the recording and reproducing device 22 and the PC 23 shown in Fig. 2 , or a reproducing device having only a reproducing function. These reproducing devices store a program for executing the reproducing sequence in accordance with the flowcharts described later and execute various reproducing processes in accordance with the program, such as, for example, decoding of content, verification of management data, or verification of content and server using the management data.
  • step S301 a medium (memory card) in which reproduction target content and the management data thereof are stored is loaded, and reproduction target content is selected, for example, through designation by a user.
  • step S302 the management data corresponding to the reproduction target content are read from the memory card.
  • the management data include a token, a content hash table, a content revocation list (CRL), a server certificate, and a server revocation list (SRL).
  • CRL content revocation list
  • SRL server revocation list
  • the token has the data described above with reference to Fig. 7 .
  • the content hash table is data in which the hash value of content is stored and is used for determining the validity (falsification) of content.
  • the content revocation list is the list of identifiers (IDs) of revoked contents described above with reference to Fig. 4B .
  • the server certificate is the data in which the server public key described above with reference to Fig. 5 is stored.
  • the server revocation list is the list of identifiers (IDs) of revoked servers described above with reference to Fig. 4A .
  • the content revocation list (CRL), the server revocation list (SRL), and the server certificate are issued by the authentication station 100 shown in Fig. 3 and are signed with the private key of the authentication station 100.
  • the token and the content hash table are issued by the server (for example, the content server 200 shown in Fig. 3 ) and are signed with the private key of the server.
  • step S303 the revocation state of content is verified based on the content revocation list (CRL) acquired from the server in step S302.
  • CTL content revocation list
  • step S303 A detailed sequence of step S303 will be described with reference to the flowchart shown in Fig. 15 .
  • step S331 of Fig. 15 is the same as the process of step S301 of Fig. 14 and is a process performed as the commencing condition of the process of verifying the revocation state of content based on the content revocation list (CRL).
  • CTL content revocation list
  • step S332 the data of the server certificate, the token, and the content revocation list (CRL) are obtained.
  • These data are the management data which are recorded in the memory card so as to correspond to the reproduction target content.
  • step S333 the signatures set in the respective data of the server certificate, the token, and the content revocation list (CRL) are verified so as to check the validity of the respective data.
  • the content revocation list (CRL), the server revocation list (SRL), and the server certificate are issued by the authentication station 100 shown in Fig. 3 and are signed with the private key of the authentication station.
  • signature verification is executed using the public key of the authentication station.
  • the public key certificate in which the public key of the authentication station is stored in advance is stored in the memory of the reproducing device. Alternatively, the public key certificate is acquired as necessary.
  • the token is issued by the server (for example, the content server 200 shown in Fig. 3 ) and is signed with the private key of the server.
  • This signature is verified using the public key of the server stored in the server certificate. In this regard, it is to ensure that the validity of the server certificate is verified through signature verification.
  • step S333 if all signatures set in the respective data of the server certificate, the token, and the content revocation list (CRL) are verified and determined to be valid, the determination in step S333 results in "Yes,” and the flow proceeds to step S334.
  • step S333 determines whether any one of the signatures of the data is determined to be invalid. If any one of the signatures of the data is determined to be invalid, the determination in step S333 results in "No,” the flow proceeds to step S320 (see Fig. 14 ), and the reproducing process is halted.
  • step S333 if the validity of all of the server certificate, the token, and the content revocation list (CRL) is verified, the flow proceeds to step S334. In step S334, it is determined whether the content ID recorded in the verified token is recorded as revoked content in the verified content revocation list (CRL).
  • a combination of data of the server ID and the unique content ID are recorded as the content ID.
  • step S334 If the content ID (or the unique content ID) recorded in the token is recorded in the content revocation list (CRL), the content, namely the reproduction target content is revoked, and the determination in step S334 results in "No,” the flow proceeds to step S320, and reproduction of content is halted.
  • CTL content revocation list
  • step S334 results in "Yes,” and the flow proceeds to step S335.
  • step S335 the server ID which is set as the upper bits in the content ID recorded in the token is acquired. It is determined whether this server ID is identical to the server ID recorded in the verified server certificate (Server Cert).
  • the token is determined to be a token having correct recording data in which the content ID associated with the server ID of a valid server authenticated by the authentication station is recorded.
  • the determination in step S335 results in "Yes,” and the flow proceeds to step S304 of Fig. 14 .
  • the token is determined to be a token having data in which the incorrect content ID associated with a server ID different from the server ID of a valid server authenticated by the authentication station is recorded.
  • the determination in step S335 results in "No,” the flow proceeds to step S320 ( Fig. 14 ), and reproduction of content is halted.
  • This determination process in step S335 is performed as a process which solves a problem that a token can freely create a server outside the surveillance of the authentication station.
  • a server authenticated by the authentication station can create an illegal token.
  • a server that tries to perform an illegal act may create a token by setting the server ID included in the content ID recorded in the token to other server ID or a non-existing server ID rather than its own server ID.
  • step S335 The process of step S335 is to prevent and determine such an illegal act.
  • step S335 by determining whether the server ID included in the content ID in the token is identical to the server ID recorded in the server certificate, it is determined whether the server ID included in the content ID recorded in the token is the right issuing subject of the token and whether the token is not the token including illegal recording data.
  • CTL signature verification of the server certificate and the content revocation list
  • step S304 of the flowchart of Fig. 14 the validity of the content hash table read in step S302 is verified.
  • the content hash table is a table in which the hash value of content is registered and is data used for verifying the validity (falsification) of content, and is signed with the private key of a server, for example. This signature is verified. The signature verification is executed using the server public key acquired from the server certificate.
  • step S304 if the validity of the content hash table (CHT) is not verified, the determination in step S304 results in "No,” the flow proceeds to step S320, and reproduction of content is halted.
  • CHT content hash table
  • step S304 if the validity of the content hash table (CHT) is verified, the determination in step S304 results in "Yes,” the flow proceeds to step S305.
  • CHT content hash table
  • step S305 the content revocation list (CRL) and the server revocation list (SRL) are verified and read into the memory of the reproducing device.
  • the validity of the content revocation list (CRL) and the server revocation list (SRL) downloaded from the server and recorded on the memory card is verified through signature verification, and the lists stored in the device are updated through comparison of the versions of the downloaded lists and the lists stored in the memory of the recording and reproducing device.
  • CRL content revocation list
  • SRL server revocation list
  • step S320 If the validity is not verified through the signature verification of the revocation list, reproduction of content is halted in step S320.
  • step S306 the following determination processes are performed: (1) Whether reproduction target content is revoked; and (2) Whether the minimum allowable content revocation list (CRL) version (Minimum CRL Version) recorded in the token is greater than the version of the content revocation list (CRL) stored in the memory of the device executing this process.
  • CRL minimum allowable content revocation list
  • step S306 only when it is determined that (1) the reproduction target content is not revoked, and (2) the minimum allowable content revocation list (CRL) version (Minimum CRL Version) recorded in the token is not greater than the version of the content revocation list (CRL) stored in the memory of the device executing this process, the determination in step S306 results in "No,” and the flow proceeds to the next step S307.
  • CRL minimum allowable content revocation list
  • step S306 results in "Yes,” the flow proceeds to step 320, and the subsequent processes are halted. In this case, the reproduction of content is not executed.
  • step S306 When the determination in step S306 results in "No, " the flow proceeds to the next step S307.
  • step S307 the following determination processes are performed: (1) Whether the server from which the reproduction target content or the management data of the reproduction target content is obtained is revoked; and (2) Whether the minimum allowable server revocation list (SRL) version (Minimum SRL Version) recorded in the token is greater than the version of the server revocation list (SRL) stored in the memory of the device executing this process.
  • SRL minimum allowable server revocation list
  • step S307 only when it is determined that (1) the server from which the reproduction target content or the management data of the reproduction target content is obtained is not revoked; and (2) the minimum allowable server revocation list (SRL) version (Minimum SRL Version) recorded in the token is not greater than the version of the server revocation list (SRL) stored in the memory of the device executing this process, the determination in step S307 results in "No,” and the flow proceeds to the next step S308.
  • SRL minimum allowable server revocation list
  • step S307 results in "Yes”
  • the flow proceeds to step S320, and the subsequent processes are halted. In this case, the reproduction of content is not executed.
  • step S307 When the determination in step S307 results in "No,” the flow proceeds to the next step S308. In step S308, the token and the use control information are verified.
  • the token has the data configuration described above with reference to Fig. 7 and is signed with the private key of the server.
  • the use control information is data in which the content reproduction condition and the content use condition such as the allowable number of copies are recorded and is signed with the private key of the server.
  • step S308 the validity of the respective data is verified through verification of the signatures of the respective data.
  • the signature verification is executed using the server public key acquired from the server certificate.
  • step S309 the signatures of these respective data are verified so as to check the validity of the data.
  • step S309 if the validity of the token and the use control information is not verified, the determination in step S309 results in "No," the flow proceeds to step S320, and the subsequent processes are halted. In this case, reproduction of content is not performed.
  • step S309 if the validity of the token and the use control information is verified, the determination in step S309 results in "Yes,” and the flow proceeds to the next step S310.
  • step S310 the CPS unit key (title key) used for decoding content is acquired.
  • the reproducing device reads the binding key recorded in the protected area of the memory card, generates the volume unique key using the medium ID, and decodes the encrypted CPS unit key (encrypted title key) using the generated volume unique key to thereby acquire the CPS unit key (title key).
  • step S311 the encrypted content is decoded using the acquired CPS unit key (title key), and the content is reproduced.
  • the content revocation list (CRL) and the server revocation list (SRL) used for verifying the validity of the content and the server are limited to those of the versions equal to or greater than the minimum allowable versions recorded in the token. That is, it is inhibited to determine the validity of the content and server using old lists of the versions lower than the minimum allowable versions recorded in the token and to proceed to the reproducing process.
  • reproducing process sequences are executed in accordance with the reproduction processing program maintained by the reproducing device.
  • Fig. 14 the process described with reference to Fig. 14 is applied not only to when both the content and the content management data are downloaded from the server but is also executed when content is copied from other medium, for example, the content recording disc shown in Fig. 1A , to the memory card, and the management data corresponding to the content are acquired from the server.
  • the version numbers of the content revocation list (CRL) and the server revocation list (SRL) recorded on the medium (memory card) are also compared with the minimum allowable versions recorded in the token.
  • the reproducing process is halted when the version numbers of the content revocation list (CRL) and the server revocation list (SRL) recorded on the medium (memory card) are lower than the minimum allowable versions recorded in the token.
  • CRL content revocation list
  • SRL server revocation list
  • steps S381 to S385 are the same as the processes of steps S301 to S305 described with reference to Figs. 14 and 15 .
  • step S381 a medium (memory card) in which reproduction target content and the management data thereof are stored is loaded, and reproduction target content is selected, for example, through designation by a user.
  • step S382 the management data corresponding to the reproduction target content are read from the memory card.
  • the management data include a token, a content hash table, a content revocation list (CRL), a server certificate, and a server revocation list (SRL).
  • CRL content revocation list
  • SRL server revocation list
  • step S383 the revocation state of content is verified based on the content revocation list (CRL) acquired from the server in step S382.
  • CTL content revocation list
  • step S383 is the same as that described above with reference to the flowchart shown in Fig. 15 .
  • step S395 when a negative result is obtained in any one of steps S333, S334, and S335 shown in Fig. 15 : that is, whether the signature verification of the server certificate and the content revocation list (CRL) are successful in step S333, whether the content ID recorded in the token is not recorded in the content revocation list (CRL) in step S334, and whether the server ID recorded in the token is identical to the server ID of the server certificate in step S335, and the reproduction of content is halted.
  • CRM content revocation list
  • step S384 of the flowchart of Fig. 16 the validity of the content hash table read in step S382 is verified.
  • the content hash table is a table in which the hash value of content is registered and is data used for verifying the validity (falsification) of content, and is signed with the private key of a server, for example. This signature is verified. The signature verification is executed using the server public key acquired from the server certificate.
  • step S384 if the validity of the content hash table (CHT) is not verified, the determination in step S384 results in "No,” the flow proceeds to step S395, and reproduction of content is halted.
  • CHT content hash table
  • step S384 if the validity of the content hash table (CHT) is verified, the determination in step S384 results in "Yes,” the flow proceeds to step S385.
  • CHT content hash table
  • step S385 the content revocation list (CRL) and the server revocation list (SRL) are verified and read into the memory of the reproducing device.
  • the validity of the content revocation list (CRL) and the server revocation list (SRL) downloaded from the server and recorded on the memory card is verified through signature verification, and the lists stored in the device are updated through comparison of the versions of the downloaded lists and the lists stored in the memory of the recording and reproducing device.
  • CRL content revocation list
  • SRL server revocation list
  • step S386 the following determination processes are performed: (1) Whether the reproduction target content is revoked; and (2) Whether the minimum allowable content revocation list (CRL) version (Minimum CRL Version) recorded in the token is greater than the version of the content revocation list (CRL) stored in the memory of the device executing this process.
  • CRL minimum allowable content revocation list
  • step S386 only when it is determined that (1) the reproduction target content is not revoked, and (2) the minimum allowable content revocation list (CRL) version (Minimum CRL Version) recorded in the token is not greater than the version of the content revocation list (CRL) stored in the memory of the device executing this process, the determination in step S386 results in "No,” and the flow proceeds to the next step S387.
  • CRL minimum allowable content revocation list
  • step S386 results in "Yes,” the flow proceeds to step 395, and the subsequent processes are halted. In this case, the reproduction of content is not executed.
  • step S386 When the determination in step S386 results in "No,” the flow proceeds to the next step S387.
  • step S387 the minimum allowable content revocation list (CRL) version (Minimum CRL Version) recorded in the token is compared with the version of the content revocation list (CRL) which is downloaded from the server as the management data corresponding to the reproduction target content and recorded in the medium (memory card).
  • step S387 is not included in the process described with reference to Fig. 14 .
  • step S387 if the minimum allowable content revocation list (CRL) version (Minimum CRL Version) recorded in the token is greater than the version of the content revocation list (CRL) which is downloaded from the server and recorded in the medium (memory card) , the content revocation list (CRL) which is newly recorded through this downloading becomes a list which is not usable in accordance with the contents recorded in the token.
  • the determination in step S387 results in "Yes,” and the subsequent processes are not executed.
  • the flow proceeds to step S395, and other processes are halted. In this case, the content reproducing process is not executed.
  • step S387 if it is determined that the minimum allowable content revocation list (CRL) version (Minimum CRL Version) recorded in the token is not greater than the version of the content revocation list (CRL) which is downloaded from the server as the management data corresponding to the reproduction target content and recorded in the medium (memory card) , the determination in step S387 results in "No, " and the flow proceeds to the next step S388.
  • CRL minimum allowable content revocation list
  • CRL Minimum CRL Version
  • step S388 the following determination processes are performed:
  • step S388 only when it is determined that (1) the server from which the reproduction target content or the content management data corresponding to the reproduction target content are downloaded is not revoked, and (2) the minimum allowable server revocation list (SRL) version (Minimum SRL Version) recorded in the token is not greater than the version of the server revocation list (SRL) stored in the memory of the device executing this process, the determination in step S388 results in "No,” and the flow proceeds to the next step S389.
  • SRL minimum allowable server revocation list
  • step S388 results in "Yes,” the flow proceeds to step 395, and the subsequent processes are halted. In this case, the reproduction of content is not executed.
  • step S388 When the determination in step S388 results in "No,” the flow proceeds to the next step S389.
  • step S389 the minimum allowable server revocation list (SRL) version (Minimum SRL Version) recorded in the token is compared with the version of the server revocation list (SRL) which is downloaded from the server as the management data corresponding to the reproduction target content and recorded in the medium (memory card).
  • SRL minimum allowable server revocation list
  • step S389 is not included in the process described with reference to Fig. 14 .
  • step S389 if the minimum allowable server revocation list (SRL) version (Minimum SRL Version) recorded in the token is greater than the version of the server revocation list (SRL) which is downloaded from the server and recorded in the medium (memory card), the server revocation list (SRL) which is newly recorded through this downloading becomes a list which is not usable in accordance with the contents recorded in the token.
  • the determination in step S389 results in "Yes,” and the subsequent processes are not executed.
  • the flow proceeds to step S395, and other processes are halted. In this case, the content reproducing process is not executed.
  • step S389 if the minimum allowable server revocation list (SRL) version (Minimum SRL Version) recorded in the token is not greater than the version of the server revocation list (SRL) which is downloaded from the server as the management data corresponding to the reproduction target content and recorded in the medium (memory card) , the determination in step S389 results in "No,” and the flow proceeds to the next step S390.
  • SRL minimum allowable server revocation list
  • SRL minimum SRL Version
  • steps S390 to S393 correspond to the processes of steps S308 to S311 of the flowchart described with reference to Fig. 14 .
  • step S390 the token and the use control information are verified.
  • the token has the data configuration described above with reference to Fig. 7 and is signed with the private key of the server.
  • the use control information is data in which the content reproduction condition and the content use condition such as the allowable number of copies are recorded and is signed with the private key of the server.
  • step S390 the validity of the respective data is verified through verification of the signatures of the respective data.
  • the signature verification is executed using the server public key acquired from the server certificate.
  • step S391 the signatures of these respective data are verified so as to check the validity of the data.
  • step S391 if the validity of the token and the use control information is not verified, the determination in step S391 results in "No," the flow proceeds to step S395, and the subsequent processes are halted. In this case, reproduction of content is not performed.
  • step S391 if the validity of the token and the use control information is verified, the determination in step S391 results in "Yes,” and the flow proceeds to the next step S392.
  • step S392 the CPS unit key (title key) used for decoding content is acquired.
  • the reproducing device reads the binding key recorded in the protected area of the memory card, generates the volume unique key using the medium ID, and decodes the encrypted CPS unit key (encrypted title key) using the generated volume unique key to thereby acquire the CPS unit key (title key).
  • step S393 the encrypted content is decoded using the acquired CPS unit key (title key), and the content is reproduced.
  • the version of the content revocation list (CRL) and the server revocation list (SRL) stored in the memory of the reproducing device and (b) the version of the content revocation list (CRL) and the server revocation list (SRL) which are downloaded from the server as the management data corresponding to the reproduction target content and stored in the memory card are limited to those of the versions equal to or greater than the minimum allowable versions recorded in the token. That is, it is inhibited to determine the validity of the content and server using old lists of the versions lower than the minimum allowable versions recorded in the token and to proceed to the reproducing process.
  • reproducing process sequences are executed in accordance with the reproduction processing program maintained by the reproducing device.
  • Figs. 16 and 17 the process described with reference to Figs. 16 and 17 is applied not only to when both the content and the content management data are downloaded from the server but is also executed when content is copied from other media, for example, the content recording disc shown in Fig. 1A , to the memory card, and the management data corresponding to the content are acquired from the server.
  • the memory card includes a nonprotected area (User Area) in which unrestricted access is permitted and a protected area.
  • User Area User Area
  • the availability of the writing process and the reading process is set as access control information for each access requesting device (the server, the recording and reproducing device (host), and the like) and for each of the segment areas (#1, #2, and the like).
  • the setting information is recorded in the device certificate of each device.
  • the device certificate is a certificate issued by the authentication station that has a signature of the authentication station.
  • the certificate is the server certificate (Server Cert) described above with reference to Fig. 5 .
  • the recording and reproducing device (host) has also the host certificate (Host Cert) issued by the authentication station, and access control information is recorded in the certificate.
  • the memory card verifies a writable area and a readable area permitted to the respective devices by referencing the certificate received from an access requesting device.
  • the server certificate (Server Cert) described with reference to Fig. 5 is referenced if the device is a server
  • the host certificate (Host Cert) which is a certificate of the recording and reproducing device (host) is referenced if the device is a recording and reproducing device (host).
  • the data processing unit of the memory card verifies the writable area based on the data recorded in the certificate which the memory card received from the access requesting device and writes data to the verified writable area. For example, the binding key described above with reference to Fig. 6 is written.
  • the readable area is identified based on the data recorded in the certificate of the access requesting device, and data are read from the identified readable area.
  • the binding key described above with reference to Fig. 6 is written to a segment area in which the server is permitted to write based on an access request from the server.
  • the binding key is data which is necessary when the recording and reproducing device (host) executes a content reproducing process.
  • the recording and reproducing device (host) needs to maintain a certificate (host certificate) in which it is permitted to read data from the segment area in which the binding key is written.
  • the recording and reproducing device (host) executes a content reproducing process
  • the recording and reproducing device (host) transmits a host certificate to the memory card.
  • the data processing unit of the memory card verifies the validity of the host certificate through signature verification and then references information on permission to access the protected area recorded in the host certificate to check if information on permission to read data from the segment area in which the binding key is written is recorded. Then, the data processing unit of the memory card reads the binding key and provides the same to the recording and reproducing device (host) only when the read permission information is recorded.
  • FIG. 18 An example of the host certificate possessed by the recording and reproducing device (host) is shown in Fig. 18 .
  • Fig. 18 shows an example of the host certificate (Host Cert) possessed by the recording and reproducing device (host) that executes a content reproducing process. As shown in Fig. 18 , the following data are recorded in the host certificate (Host Cert).
  • type information (Type) 501 type information of a certificate, host information, and the like are recorded. For example, information and the like on whether the host is a PC, a recording and reproducing device, a recording device, or a reproducing device are recorded.
  • PID Read is information indicating a segment area in which it is permitted to read data from the protected area (PA) of the memory card.
  • Writable area information (PAD Write) 503 is information indicating a segment area in which it is permitted to write data to the protected area (PA) of the memory card.
  • Host ID 504 is an area in which a host ID which is the identifier of a host is recorded.
  • a host public key 505 is an area in which the public key of the host is stored.
  • a signature 506 is signature data in which the constituent data of the host certificate are signed with the private key of the authentication station.
  • a server 521 which is a device requesting access to a memory card, a host device 522, and a memory card 530 are shown from left to right.
  • the server 521 is a server that writes a binding key necessary when reproducing the above-described downloaded content or content copied from a disc.
  • the host device 522 is a device that reproduces content stored in the memory card and is a device that needs to acquire a binding key recorded on the memory card in order to decode content.
  • the memory card 530 includes a protected area 540 and a nonprotected area (User Area) 550, and encrypted content and the like are recorded in the nonprotected area (User Area) 550.
  • the binding key is recorded in the protected area 540.
  • the protected area 540 is segmented into a plurality of areas.
  • Fig. 19 an example in which the protected area 540 has two segment areas of a segment area #0 (Protected Area #0) 541 and a segment area #1 (Protected Area #1) 542 is shown.
  • the segment area #0 (Protected Area #0) 541 is set as an area in which a binding key as key data of broadcast content is recorded.
  • the segment area #1 (Protected Area #1) 542 is set as an area in which a binding key as key data of downloaded and copied content is recorded.
  • the binding key provided by the server described above with reference to Figs. 8A to 8C is recorded in the segment area #1 (Protected Area #1) 542.
  • the writable area information (PAD Write) recorded in the server certificate of the server is configured as a certificate in which permission to write data to the segment area #1 (Protected Area #1) is set.
  • the segment area in which writing is permitted is also set to permit reading.
  • the host certificate maintained by the host device 522 which is the reproducing device that reads the binding key recorded in the segment area #1 (Protected Area #1) 542 and executes a content reproducing process is configured as a certificate in which only permission to read data from the segment area #1 (Protected Area #1) is set.
  • a deleting process may be permitted.
  • the data processing unit of the memory card may determine the permissibility of a request from an access requesting device to write and read data to/from the protected area 540 based on the device certificate of the writing device but may permit all deleting requests.
  • permission information on a deleting process may be recorded in the certificate of the access requesting device, and the availability of deletion may be determined based on this recording information.
  • the segment area #0 (Protected Area #0) 541 of the memory card 530 is set as an area in which a binding key as key data of broadcast content is recorded.
  • the broadcast content are received from a broadcast station by the host device 522, such as, for example, a recorder or a PC, having the function of receiving and recording broadcast data and are recorded in a medium.
  • the host device 522 such as, for example, a recorder or a PC, having the function of receiving and recording broadcast data and are recorded in a medium.
  • the binding key which is the key information used for decoding the broadcast content is provided by the broadcast station and received by the host device 522.
  • the host device 522 accesses the memory card 530 and records the key data for broadcast content in the protected area 540 of the memory card 530.
  • an area for recording the key data for broadcast content is defined in advance as the segment area #0 (Protected Area #0) 541.
  • the type of recording data can be defined in advance for each segment area (#0, #1, #2, and the like).
  • the memory card determines the type of data requested for writing or reading in response to a data write or read request from the access requesting device and selects the segment area (#0, #1, #2, and the like) to be used as the data writing destination or the data reading destination.
  • the binding key which is the key information used for decoding broadcast content is written by the host device 522 and is also read by the host device 522 during the reproducing process.
  • the host certificate maintained by the host device 522 is configured as a certificate in which permission to both write and read data to the segment area #0 (Protected Area #0) 541 defined as a recording area of the key data for broadcast content is set.
  • the host certificate (Host Cert) maintained by the host 522 shown in Fig. 19 is a certificate in which it is set such that readable areas are the segment areas #0 and #1 and a writable area is the segment area #0 as shown in the drawing.
  • the server 521 is not permitted to both write and read data to/from the segment area #0 (Protected Area #0) 541 defined as a recording area of the key data for broadcast content, and information on non-permission to write and read data is recorded in the server certificate.
  • segment area #0 Protected Area #0
  • the server 521 is not permitted to both write and read data to/from the segment area #0 (Protected Area #0) 541 defined as a recording area of the key data for broadcast content, and information on non-permission to write and read data is recorded in the server certificate.
  • the server certificate (Server Cert) maintained by the server 521 shown in Fig. 19 is a certificate in which it is set such that a readable area is the segment area #1 and a writable area is the segment area #1 as shown in the drawing.
  • the information on permissibility or impermissibility to write and read data is set as access control information for each access requesting device and for each segment area (#0, #1, #2, and the like).
  • the access control information is recorded in the certificates (the server certificate, the host certificate, and the like) of the respective access requesting devices.
  • the memory card first performs signature verification on the certificate received from the access requesting device to check the validity thereof and reads the access control information including the readable area information (PAD Read) and the writable area information (PAD Write), described in the certificate. Moreover, based on the information, the memory card permits only the process permitted to the access requesting device and executes the process.
  • a CE device such as a recorder or a player
  • a PC personal computer
  • the device certificates are certificates which the individual devices possess and which can be set differently in accordance with the types of these devices.
  • the data processing unit of the memory card may determine the accessibility for each segment area of the protected area based on the type information (Type) 501 described with reference to Fig. 18 as well as the readable area information (PAD Read) and the writable area information (PAD Write) recorded in the device certificate.
  • Type type information
  • PAD Read readable area information
  • PAD Write writable area information
  • a PC 523 as the host device that records data on the memory card 530 and reads data recorded on the memory card 530 and a CE (Consumer Electronics) device 524 such as a recorder or a player are shown.
  • CE Consumer Electronics
  • the protected area 540 of the memory card 530 shown in Fig. 20 has the following segment areas.
  • a segment area #2 (Protected Area #2) 545 is set as an area in which a binding key which is the key data of content corresponding to SD (Standard Definition: standard image quality) image data is recorded.
  • a segment area #3 (Protected Area #3) 546 is set as an area in which a binding key which is the key data of content corresponding to HD (High Definition: high image quality) image data is recorded.
  • the host certificate (Host Cert) maintained by the PC 523 shown in Fig. 20 is a certificate in which it is set such that the device type is PC, a readable area is the segment area #2 and a writable area is the segment area #2 as shown in the drawing.
  • the host certificate (Host Cert) maintained by the CE device 524 is a certificate in which it is set such that the device type is CE, readable areas are the segment areas #2 and #3, and writable areas are the segment areas #2 and #3 as shown in the drawing.
  • the PC 523 is only permitted to write and read data to/from the segment area #2 (Protected Area #2) 545 which is an area in which the binding key which is the key data of content corresponding to SD (Standard Definition: standard image quality) image data is recorded.
  • the PC 523 is not permitted to write and read data to/from the segment area #3 (Protected Area #3) 546 which is an area in which the binding key which is the key data of content corresponding to HD (High Definition: high image quality) image data is recorded.
  • the CE device 524 is only permitted to write and read data to/from the segment area #2 (Protected Area #2) 545 which is an area in which the binding key which is the key data of content corresponding to SD (Standard Definition: standard image quality) image data is recorded. Moreover, the CE device 524 is also permitted to write and read data to/from the segment area #3 (Protected Area #3) 546 which is an area in which the binding key which is the key data of content corresponding to HD (High Definition: high image quality) image data is recorded.
  • the access control information can be set in accordance with the type of the device.
  • the data processing unit of the memory card may determine the accessibility (availability of reading/writing) to the segment area based on the access control information, namely the readable area information (PAD Read) and the writable area information (PAD Write), recorded in the device certificate and may determine the accessibility for each segment area of the protected area based on the type information (Type).
  • the access control information namely the readable area information (PAD Read) and the writable area information (PAD Write)
  • the plurality of segment areas set in the protected area 540 of the memory card 530 can be configured as areas in which contents requiring different security levels are stored.
  • contents requiring different security levels For example, premium content and broadcast recording content, or SD-size content and HD-size content may be stored in different segment areas.
  • each segment area can be flexibly controlled by setting such that either recording or reproducing is permitted in accordance with devices having different security levels. That is, different use types are applied to a server and a client, or a PC and a CE device.
  • an attribute may be added to the certificate.
  • the following methods can be considered.
  • the host device has a plurality of certificates for one key.
  • the access right of a specific device can be changed by the above-described methods (1) to (3).
  • a CPU (Central Processing Unit) 701 functions as the data processing unit that executes various processes in accordance with the program stored in a ROM (Read Only Memory) 702 or a storage unit 708.
  • the CPU 701 executes communication with the server, recording of data received from the server on the memory card (a removable medium 711 in the drawing), reproducing of data from the memory card (the removable medium 711 in the drawing) described in the respective embodiments.
  • the program executed by the CPU 701, data, and the like are appropriately stored in a RAM (Random Access Memory) 703.
  • the CPU 701, the ROM 702, and the RAM 703 are connected to each other by a bus 704.
  • the CPU 701 is connected to an input/output interface 705 through the bus 704.
  • the input/output interface 705 is connected to an input unit 706 including various switches, a keyboard, a mouse, and a microphone and an output unit 707 including a display and a speaker.
  • the CPU 701 executes various processes in accordance with instructions input from the input unit 706 and outputs the processing results, for example, to the output unit 707.
  • the storage unit 708 connected to the input/output interface 705 is formed of a hard disk, for example, and stores the program executed by the CPU 701 and various data.
  • a communication unit 709 communicates with external devices through a network such as the Internet or a local area network.
  • a drive 710 connected to the input/output interface 705 drives the removable medium 711 such as a magnetic disc, an optical disc, an opto-magnetic disc, or a semiconductor memory to acquire various data such as content or key information recorded thereon.
  • the content is decoded and reproduced in accordance with a reproducing program executed by the CPU using the acquired content and key data.
  • Fig. 22 shows an example of a hardware configuration of the memory card.
  • a CPU (Central Processing Unit) 801 functions as the data processing unit that executes various processes in accordance with the program stored in a ROM (Read Only Memory) 802 or a storage unit 807.
  • the CPU 801 executes communication with the server and the host device, writing and reading of data to/from the storage unit 807, determination on the accessibility for each segment area of a protected area 811 of the storage unit 807 described in the respective embodiments.
  • the program executed by the CPU 801, data, and the like are appropriately stored in a RAM (Random Access Memory) 803.
  • the CPU 801, the ROM 802, and the RAM 803 are connected to each other by a bus 804.
  • the CPU 801 is connected to an input/output interface 805 through the bus 804.
  • the input/output interface 805 is connected to a communication unit 806 and the storage unit 807.
  • a communication unit 804 connected to the input/output interface 805 communicates with the server and the host device, for example.
  • the storage unit 807 is a data storage area, and as described above, includes the protected area 811 in which access restriction is set and a nonprotected area 812 in which data can be freely recorded and read.
  • the server can be realized by a device having the same hardware configuration as the host device shown in Fig. 21 , for example.
  • the series of processes described in this specification can be performed by hardware, software, or a combination thereof.
  • a program including the process sequence can be installed in and executed by a memory of a computer assembled into exclusive hardware.
  • the program can be installed in and executed by a general-purpose computer performing various processes.
  • the program can be recorded in a recording medium in advance.
  • the program can be installed not only in a computer from a recording medium but may be also received through a network such as a LAN (Local Area Network) and the Internet and installed in a recording medium such as a built-in hard disk.
  • LAN Local Area Network
  • the information processing device includes a memory having a protected area which is a data recording area in which access restriction is set; and a data processing unit that determines accessibility in response to a request for accessing the protected area from an access requesting device.
  • the data processing unit verifies a device certificate received from the access requesting device and determines accessibility to the protected area based on access control information recorded in the device certificate. For example, the availability of writing and reading of data to/from each of the segment areas of the protected area is determined based on the access control information for each segment area of the protected area. Through this process, the access of each device to each segment area is controlled.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)
  • Signal Processing For Digital Recording And Reproducing (AREA)
EP11166932.1A 2010-06-24 2011-05-20 Dispositif de traitement d'informations, procédé de traitement d'informations et programme Active EP2400491B1 (fr)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2010143361A JP2012008756A (ja) 2010-06-24 2010-06-24 情報処理装置、および情報処理方法、並びにプログラム

Publications (2)

Publication Number Publication Date
EP2400491A1 true EP2400491A1 (fr) 2011-12-28
EP2400491B1 EP2400491B1 (fr) 2019-11-13

Family

ID=44224654

Family Applications (1)

Application Number Title Priority Date Filing Date
EP11166932.1A Active EP2400491B1 (fr) 2010-06-24 2011-05-20 Dispositif de traitement d'informations, procédé de traitement d'informations et programme

Country Status (4)

Country Link
US (1) US8782407B2 (fr)
EP (1) EP2400491B1 (fr)
JP (1) JP2012008756A (fr)
CN (1) CN102298557A (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2854061A4 (fr) * 2012-05-21 2016-01-06 Sony Corp Dispositif de traitement d'informations, dispositif d'enregistrement d'informations, système de traitement d'informations et procédé de traitement d'informations, ainsi que programme
EP2854067A4 (fr) * 2012-05-21 2016-01-13 Sony Corp Dispositif de traitement d'informations, système de traitement d'informations, procédé de traitement d'informations et programme
EP2854060A4 (fr) * 2012-05-21 2016-01-13 Sony Corp Dispositif de traitement d'informations, système de traitement d'informations, procédé de traitement d'informations et programme

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9588803B2 (en) 2009-05-11 2017-03-07 Microsoft Technology Licensing, Llc Executing native-code applications in a browser
US9495183B2 (en) 2011-05-16 2016-11-15 Microsoft Technology Licensing, Llc Instruction set emulation for guest operating systems
US11620719B2 (en) 2011-09-12 2023-04-04 Microsoft Technology Licensing, Llc Identifying unseen content of interest
JP5100884B1 (ja) * 2011-12-02 2012-12-19 株式会社東芝 メモリ装置
US9413538B2 (en) * 2011-12-12 2016-08-09 Microsoft Technology Licensing, Llc Cryptographic certification of secure hosted execution environments
JP4991971B1 (ja) * 2012-03-08 2012-08-08 株式会社東芝 被認証装置及びその認証方法
JP2013118616A (ja) * 2012-09-24 2013-06-13 Toshiba Corp メモリ装置
JP6524635B2 (ja) * 2013-11-06 2019-06-05 株式会社リコー 情報蓄積システム及び情報蓄積方法
CN106063182B (zh) * 2013-12-31 2019-11-19 威斯科数据安全国际有限公司 电子签名方法、系统及设备
US20160306955A1 (en) * 2015-04-14 2016-10-20 Intel Corporation Performing user seamless authentications
US10033732B1 (en) * 2016-11-09 2018-07-24 Symantec Corporation Systems and methods for detecting cloning of security tokens
JP6736456B2 (ja) * 2016-11-17 2020-08-05 キオクシア株式会社 情報処理装置およびプログラム
US11722312B2 (en) * 2020-03-09 2023-08-08 Sony Group Corporation Privacy-preserving signature

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006066604A1 (fr) * 2004-12-22 2006-06-29 Telecom Italia S.P.A. Procede et systeme de controle d'acces et de protection des donnees dans des memoires numeriques, memoire numerique apparentee et programme informatique correspondant
EP1777628A1 (fr) * 2004-06-30 2007-04-25 Matsushita Electric Industrial Co., Ltd. Support d'enregistrement, et dispositif et procede pour enregistrer des informations sur un support d'enregistrement
US20070162964A1 (en) * 2006-01-12 2007-07-12 Wang Liang-Yun Embedded system insuring security and integrity, and method of increasing security thereof
JP2008098765A (ja) 2006-10-06 2008-04-24 Sony Corp 情報処理装置、および情報処理方法、並びにコンピュータ・プログラム
EP2045752A2 (fr) * 2007-10-02 2009-04-08 Sony Corporation Système d'enregistrement, appareil de traitement d'informations, appareil de stockage, procédé d'enregistrement et programme
US20090232314A1 (en) * 2008-03-14 2009-09-17 Kabushiki Kaisha Toshiba Apparatus, method, and computer program product for processing information
JP2010143361A (ja) 2008-12-18 2010-07-01 Nissan Motor Co Ltd 電動車両用自動変速機の回生制動時変速制御装置

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4118092B2 (ja) * 2002-06-19 2008-07-16 株式会社ルネサステクノロジ 記憶装置および情報処理装置
JP2004247799A (ja) * 2003-02-12 2004-09-02 Hitachi Ltd 公開鍵証明書を利用したアクセス制御を行う情報システム
EP1836641A2 (fr) * 2004-12-21 2007-09-26 SanDisk Corporation Commande de contenu polyvalente avec segmentation
CN101490687B (zh) * 2006-07-07 2012-04-18 桑迪士克股份有限公司 使用身份对象的控制系统及方法
US20100138652A1 (en) * 2006-07-07 2010-06-03 Rotem Sela Content control method using certificate revocation lists
JP2008027007A (ja) * 2006-07-18 2008-02-07 Canon Inc コンテンツ管理システム及びその制御方法
JP5006388B2 (ja) * 2007-04-19 2012-08-22 パナソニック株式会社 データ管理装置
JP4740926B2 (ja) * 2007-11-27 2011-08-03 フェリカネットワークス株式会社 サービス提供システム、サービス提供サーバ、及び情報端末装置

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1777628A1 (fr) * 2004-06-30 2007-04-25 Matsushita Electric Industrial Co., Ltd. Support d'enregistrement, et dispositif et procede pour enregistrer des informations sur un support d'enregistrement
WO2006066604A1 (fr) * 2004-12-22 2006-06-29 Telecom Italia S.P.A. Procede et systeme de controle d'acces et de protection des donnees dans des memoires numeriques, memoire numerique apparentee et programme informatique correspondant
US20070162964A1 (en) * 2006-01-12 2007-07-12 Wang Liang-Yun Embedded system insuring security and integrity, and method of increasing security thereof
JP2008098765A (ja) 2006-10-06 2008-04-24 Sony Corp 情報処理装置、および情報処理方法、並びにコンピュータ・プログラム
EP2045752A2 (fr) * 2007-10-02 2009-04-08 Sony Corporation Système d'enregistrement, appareil de traitement d'informations, appareil de stockage, procédé d'enregistrement et programme
US20090232314A1 (en) * 2008-03-14 2009-09-17 Kabushiki Kaisha Toshiba Apparatus, method, and computer program product for processing information
JP2010143361A (ja) 2008-12-18 2010-07-01 Nissan Motor Co Ltd 電動車両用自動変速機の回生制動時変速制御装置

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
INTEL CORPORATION AND OTHERS: "Advanced Access Content System (AACS) - Introduction and Common Cryptographic Elements (Revision 0.91)", INTERNET CITATION, 17 February 2006 (2006-02-17), XP002438245, Retrieved from the Internet <URL:http://web.archive.org/web/20060319164126/www.aacsla.com/specificatio ns/specs091/AACS_Spec_Common_0.91.pdf> [retrieved on 20070619] *
INTEL CORPORATION AND OTHERS: "Advanced Access Content System (AACS) - Recordable video book (Revision 0.91)", INTERNET CITATION, 17 February 2006 (2006-02-17), XP002438246, Retrieved from the Internet <URL:http://web.archive.org/web/20060322184826/www.aacsla.com/specificatio ns/specs091/AACS_Spec_Recordable_0.91.pdf> [retrieved on 20070619] *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2854061A4 (fr) * 2012-05-21 2016-01-06 Sony Corp Dispositif de traitement d'informations, dispositif d'enregistrement d'informations, système de traitement d'informations et procédé de traitement d'informations, ainsi que programme
EP2854067A4 (fr) * 2012-05-21 2016-01-13 Sony Corp Dispositif de traitement d'informations, système de traitement d'informations, procédé de traitement d'informations et programme
EP2854060A4 (fr) * 2012-05-21 2016-01-13 Sony Corp Dispositif de traitement d'informations, système de traitement d'informations, procédé de traitement d'informations et programme

Also Published As

Publication number Publication date
JP2012008756A (ja) 2012-01-12
CN102298557A (zh) 2011-12-28
US8782407B2 (en) 2014-07-15
EP2400491B1 (fr) 2019-11-13
US20110320812A1 (en) 2011-12-29

Similar Documents

Publication Publication Date Title
EP2400491B1 (fr) Dispositif de traitement d&#39;informations, procédé de traitement d&#39;informations et programme
US9311956B2 (en) Information processing device, information processing method, and program
US8914646B2 (en) Information processing apparatus and information processing method for determining access permission
US8549620B2 (en) Information processing device, data processing method, and program
US8799604B2 (en) Data storage apparatus, information processing apparatus, information processing method, and program
EP2717185B1 (fr) Dispositif de traitement d&#39;informations, procédé de traitement d&#39;informations et programme associé
EP2804341B1 (fr) Dispositif de stockage d&#39;informations, système de traitement d&#39;informations, procédé de traitement d&#39;informations, et programme
EP2400493B1 (fr) Dispositif de traitement d&#39;informations, procédé de traitement d&#39;informations et programme
US8972301B2 (en) Information processing device, data processing method, and program
KR20130029718A (ko) 정보 처리 장치, 정보 처리 방법 및 프로그램
US9600638B2 (en) Information processing apparatus, information processing method, and program
JP2009272002A (ja) 情報処理装置、ディスク、および情報処理方法、並びにプログラム
US20130039485A1 (en) Information processing system, reproducing device, information processing device, information processing method, and program

Legal Events

Date Code Title Description
17P Request for examination filed

Effective date: 20110609

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17Q First examination report despatched

Effective date: 20150209

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: GRANT OF PATENT IS INTENDED

INTG Intention to grant announced

Effective date: 20190527

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE PATENT HAS BEEN GRANTED

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

Ref country code: AT

Ref legal event code: REF

Ref document number: 1202503

Country of ref document: AT

Kind code of ref document: T

Effective date: 20191115

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 602011063320

Country of ref document: DE

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: NL

Ref legal event code: MP

Effective date: 20191113

REG Reference to a national code

Ref country code: LT

Ref legal event code: MG4D

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191113

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191113

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191113

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200213

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191113

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191113

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200313

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200214

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191113

Ref country code: NO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200213

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191113

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: RS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191113

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200313

Ref country code: HR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191113

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: AL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191113

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191113

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191113

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191113

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191113

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 602011063320

Country of ref document: DE

REG Reference to a national code

Ref country code: AT

Ref legal event code: MK05

Ref document number: 1202503

Country of ref document: AT

Kind code of ref document: T

Effective date: 20191113

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191113

Ref country code: SM

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191113

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20200814

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191113

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191113

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191113

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20200531

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20200531

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191113

REG Reference to a national code

Ref country code: BE

Ref legal event code: MM

Effective date: 20200531

GBPC Gb: european patent ceased through non-payment of renewal fee

Effective date: 20200520

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20200520

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FR

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20200531

Ref country code: GB

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20200520

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20200520

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20200531

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20210421

Year of fee payment: 11

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191113

Ref country code: MT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191113

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191113

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191113

REG Reference to a national code

Ref country code: DE

Ref legal event code: R119

Ref document number: 602011063320

Country of ref document: DE

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20221201